Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) published the Guide to Securing Remote Access Software to provide organizations with an overview of common remote access exploitations and associated tactics, techniques, and procedures (TTPs).
The Guide to Securing Remote Access Software provides organizations with a remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations. Remote access software provides a proactive and flexible approach for organizations to internally oversee networks, computers, and other devices; however, cyber threat actors increasingly co-opt these tools for access to victim systems.
CISA encourages organizations to use the provided additional information on remote management and on malicious use of remote monitoring and management software in implementing remote software and remote software mitigations.