To address the growing threat posed by malicious use of remote access software, several cybersecurity agencies have joined forces to release a guide on securing these tools.
The document was released on Tuesday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD).
According to this guide, remote access software is essential for enabling organizations to remotely manage and monitor their networks, computers, and devices. It offers a flexible and efficient approach to IT and operational technology (OT) management, enabling proactive troubleshooting, maintenance, and backup operations.
However, these same capabilities make the tools attractive to malicious actors seeking to compromise an organization's systems.
“Remote access software gives IT/OT teams a flexible way to detect unusual network and device issues early and proactively monitor systems,” the document states.
“Cyber attackers are increasingly leveraging these same tools to gain easy and widespread access to victim systems.”
To expose these techniques, the guide focuses on common exploits and the associated tactics, techniques, and procedures (TTPs) used by threat actors who abuse remote access software.
These include sophisticated phishing campaigns, social engineering tricks, software vulnerability exploits, weak passwords, and many other techniques.
“RMM software in particular has important capabilities not only to monitor or manipulate devices and systems, but also to gain advanced privileges, thus letting malicious attackers maintain persistence; it has become an attractive tool for lateral movement on the network,” the agencies wrote.
Additionally, the guidelines emphasize the need for organizations to establish security baselines and have a good understanding of normal software behavior in order to effectively detect anomalous and malicious activity.
One of the key recommendations for organizations is to implement a robust risk management strategy based on established standards and to regularly monitor remote access software using endpoint detection and response (EDR) tools.
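As an added illustration of the baseline-driven detection the guide recommends (this is not code from the guide or the agencies), the following script compares EDR-style process-creation events against an organization's baseline for remote access software and reports executions that fall outside it. The log format, hostnames, users, tool names (rmmagent.exe, quickremote.exe) and the baseline itself are all constructed for this example.

```python
import re

# Constructed sample of EDR-style process-creation events, one per line
# (format, hosts, users and tool names are made up for this example).
SAMPLE_EVENTS = """\
2023-06-06T09:12:01Z host=HELPDESK-01 user=it.admin parent=explorer.exe proc=rmmagent.exe
2023-06-06T09:15:44Z host=FIN-PC-07 user=j.doe parent=WINWORD.EXE proc=rmmagent.exe
2023-06-06T10:02:13Z host=FIN-PC-07 user=j.doe parent=explorer.exe proc=outlook.exe
2023-06-06T11:40:09Z host=HR-LAPTOP-03 user=m.smith parent=explorer.exe proc=quickremote.exe
2023-06-06T12:01:30Z host=HELPDESK-02 user=it.admin parent=services.exe proc=rmmagent.exe
"""

# Security baseline: the sanctioned remote access tool and where/how it normally runs.
BASELINE = {
    "rmmagent.exe": {
        "hosts": {"HELPDESK-01", "HELPDESK-02"},
        "users": {"it.admin"},
        "parents": {"explorer.exe", "services.exe"},
    },
}
# Executables known to be remote access software, whether approved or not.
REMOTE_ACCESS_TOOLS = {"rmmagent.exe", "quickremote.exe"}

EVENT_RE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) proc=(?P<proc>\S+)")

def parse_events(text):
    """Parse the constructed log text into a list of event dicts."""
    return [m.groupdict() for line in text.splitlines() if (m := EVENT_RE.match(line))]

def find_anomalies(events, baseline=BASELINE, tools=REMOTE_ACCESS_TOOLS):
    """Return (timestamp, host, reason) for every remote access execution that
    deviates from the baseline; activity matching the baseline is not reported."""
    findings = []
    for ev in events:
        proc = ev["proc"].lower()
        if proc not in tools:
            continue  # not remote access software, nothing to check
        profile = baseline.get(proc)
        reasons = []
        if profile is None:
            reasons.append(f"unapproved remote access tool {proc}")
        else:
            if ev["host"] not in profile["hosts"] or ev["user"] not in profile["users"]:
                reasons.append(f"{proc} run on unexpected host/user {ev['host']}/{ev['user']}")
            if ev["parent"] not in profile["parents"]:
                reasons.append(f"{proc} launched by unexpected parent {ev['parent']}")
        if reasons:
            findings.append((ev["ts"], ev["host"], "; ".join(reasons)))
    return findings
```

Running `find_anomalies(parse_events(SAMPLE_EVENTS))` flags the approved agent launched from a word processor on a finance workstation and the unapproved tool on the HR laptop, while the two help-desk executions that match the baseline stay silent.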
The guide also advises organizations to be mindful of the integrity of their service providers' supply chains. The publication of this document follows another effort CISA conducted in January to warn network defenders about malicious use of legitimate RMM software tools.