The Guide to Securing Remote Access Software, jointly released by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC) and Israel National Cyber Directorate (INCD), offers insights on identifying and safeguarding against malicious activities related to this software, including common exploits and associated tactics, techniques, and procedures (TTPs).
Although remote access software offers useful functionalities, it is frequently exploited by malicious actors to bypass detection and establish network connections via cloud-hosted infrastructure. This guide addresses the significance of these techniques, as demonstrated by recent cases.
Derived from an ongoing collaborative initiative between public and private entities, this joint guide furnishes essential guidance to professionals and organisations operating in the domains of information technology (IT), operational technology (OT), and industrial control systems (ICS). It offers a comprehensive set of recommendations encompassing the secure use of remote access software alongside strategies for detecting and mitigating threats from malicious actors who exploit remote access tools for their nefarious purposes.
Eric Goldstein, Executive Assistant Director for Cybersecurity, emphasised the significance of ongoing collaboration with partners in mitigating cyber risks for the public and private sectors. The joint guide is a valuable resource for organisations, providing insights into detecting and mitigating malicious exploitation of remote access software.
Eric Chudow, NSA’s System Threats and Vulnerability Analysis Subject Matter Expert, highlighted the dual nature of remote access as both a useful option and a potential threat vector, stressing the importance of proper security measures to prevent unauthorised control and the application of “living off the land” techniques. The contributions of the Israel National Cyber Directorate were also acknowledged, underscoring the commitment to strong collaboration with U.S. and international partners in delivering timely and actionable guidance to address emerging risks.
Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, expressed the FBI’s commitment to preventing malicious cyber actors from exploiting remote access software networks for malicious purposes. Collaboration with federal, international, and private sector partners is key in combating such threats. Vorndran emphasised the importance of sharing insights from guides like this and reporting computer intrusions to strengthen network defences and prevent future victimisation.
Tom Alexandrovich, Executive Director of the Cyber Defense Division at the INCD, underscored the widespread use of major remote-control tools by APT and ransomware groups in cyber-attacks. These groups take advantage of readily available tools to deploy malware effectively. The joint guide represents a coordinated effort to mitigate these threats, fostering resilience, improving best practices, and safeguarding global cyberspace from common threats and tactics.
The authoring agencies emphasise the importance of network administrators and defenders establishing a security baseline of normal network and software behaviour as a crucial initial step in implementing the mitigations recommended in the guide. By understanding and monitoring that baseline, organisations can identify deviations and anomalies that indicate potential malicious activity.
This proactive approach allows for a more robust and targeted defence strategy, enhancing the network infrastructure’s overall security posture and resilience in the future.
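The baseline-and-deviation approach described above can be illustrated with a small detection routine. The following is an added example, not code from the joint guide or from any of the authoring agencies; the baseline inventory, tool names, hostnames and telemetry lines are all constructed for illustration. It records which remote access tools are sanctioned on which hosts (and where they are expected to connect), then flags any observed remote access activity that departs from that record.

```python
# Added example (not from the CISA/NSA/FBI/MS-ISAC/INCD guide): comparing observed
# remote access software activity against an organisational baseline.
# Every value below is constructed for illustration.

# Constructed baseline: sanctioned remote access tools per host and the
# destinations those tools are expected to reach. An empty set means that
# no remote access tool is permitted on that host (e.g. an OT/ICS workstation).
BASELINE = {
    "ws-finance-01": {"tools": {"anydesk"},
                      "destinations": {"relay.example-anydesk.test"}},
    "srv-ot-hmi-02": {"tools": set(), "destinations": set()},
    "ws-it-07":      {"tools": {"teamviewer"},
                      "destinations": {"router.example-teamviewer.test"}},
}

# Constructed list of product names used to recognise remote access tools
# from a process name. A real deployment would maintain this list itself.
KNOWN_REMOTE_ACCESS_TOOLS = ("anydesk", "teamviewer", "screenconnect", "atera", "splashtop")

# Constructed telemetry: timestamp,host,process_name,destination
TELEMETRY = """\
2023-06-06T09:01:00Z,ws-finance-01,anydesk.exe,relay.example-anydesk.test
2023-06-06T09:02:10Z,srv-ot-hmi-02,screenconnect.clientservice.exe,198.51.100.23
2023-06-06T09:03:15Z,ws-it-07,teamviewer.exe,router.example-teamviewer.test
2023-06-06T09:04:20Z,ws-it-07,teamviewer.exe,203.0.113.77
2023-06-06T09:05:30Z,ws-hr-03,atera.agent.exe,198.51.100.23
2023-06-06T09:06:00Z,ws-finance-01,outlook.exe,mail.example.test
"""


def tool_from_process(process_name):
    """Return the remote access product a process name belongs to, or None."""
    name = process_name.lower()
    for tool in KNOWN_REMOTE_ACCESS_TOOLS:
        if name.startswith(tool):
            return tool
    return None


def parse_telemetry(text):
    """Parse the constructed CSV-style telemetry into event dictionaries."""
    events = []
    for line in text.strip().splitlines():
        ts, host, proc, dest = line.split(",")
        events.append({"ts": ts, "host": host, "process": proc, "dest": dest})
    return events


def find_deviations(events, baseline):
    """Flag remote access activity that the baseline does not account for.

    Three deviation classes are reported, in order of severity:
      1. a host that is absent from the baseline altogether,
      2. a tool that is not sanctioned on that host,
      3. a sanctioned tool connecting to an unexpected destination.
    """
    findings = []
    for ev in events:
        tool = tool_from_process(ev["process"])
        if tool is None:
            continue  # not a remote access tool; outside this check's scope
        expected = baseline.get(ev["host"])
        if expected is None:
            findings.append((ev["host"], tool, "host absent from baseline"))
        elif tool not in expected["tools"]:
            findings.append((ev["host"], tool, "tool not sanctioned on host"))
        elif ev["dest"] not in expected["destinations"]:
            findings.append((ev["host"], tool, "unexpected destination " + ev["dest"]))
    return findings


def run_check():
    """Convenience entry point: parse the constructed telemetry and report deviations."""
    return find_deviations(parse_telemetry(TELEMETRY), BASELINE)


if __name__ == "__main__":
    for host, tool, reason in run_check():
        print(f"{host}: {tool}: {reason}")
```

On the constructed input, the routine reports three deviations: a remote access client on an OT host where none is sanctioned, a sanctioned client on an IT workstation reaching a destination outside its baseline, and a remote access agent on a host that was never inventoried. Ordinary application traffic on a baselined host produces no finding, which is the point of keeping the baseline narrow: only the unexpected stands out.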