FORT MEADE, Md. - Legitimate remote access software is being used by cyber actors to access victims’ systems, blend in with regular network activities, and evade detection.
To guide network administrators and defenders on best practices and how to mitigate this malicious activity, the NSA has joined with co-authors in publicly releasing the “Guide to Securing Remote Access Software” Cybersecurity Information Sheet (CSI) today.
"Remote access may be a useful option for many organizations, but it also could be a threat vector into their systems," said Eric Chudow, NSA's System Threats and Vulnerability Analysis Subject Matter Expert. "If not properly secured, it could enable cyber actors to use or even have control over systems and resources, and can be used as part of living off the land techniques."
The co-authoring agencies include NSA, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing & Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD).
The guide provides an overview of activities associated with the malicious use of remote access software, such as common exploitations and associated tactics, techniques, and procedures (TTPs). It also includes best-practice recommendations for service providers, IT administrators, and organizations to detect and defend against cyber actors abusing this software.
To recognize and detect malicious use, the authoring agencies recommend network administrators and defenders first establish a security baseline of normal network and software activity. This step is crucial to successfully implementing the mitigations detailed throughout the guide.
Read the full report here.
NSA Media Relations