CISA Releases Guide to Securing Remote Access Software

The Cybersecurity & Infrastructure Security Agency (CISA) has released a new joint guide in partnership with the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) on securing remote access software. The software is frequently used amongst IT professionals for remotely managing infrastructure. However, remote access software frequently becomes ripe for attack from malicious actors and hackers looking to exploit the platform’s access to corporate or personal computing infrastructure.

The jointly created document provides organizations with an overview of threats, including the malicious use of remote access software, detection methods, and recommendations for all organizations. These software platforms are popular as they provide a proactive and flexible approach for organizations to internally oversee networks, computers, and other devices. However, cyber threat actors increasingly co-opt these tools for access to victim systems.

CISA continues to deliver resourceful documentation to better equip the public and private sectors about top cybersecurity concerns. The ‘Securing Remote Access Software’ guide spans 10 pages and includes associated tactics, techniques and procedures (TTPs), detection, recommendations for organizations and IT administrators, and developers of the software.

Remote access software has most recently dominated the headlines in the supply chain cyberattack of 3CX software. Even legitimate software installations of ConnectWise Control and AnyDesk were breached earlier this year across U.S. federal agencies.

Common Remote Access Software Vulnerabilities

CISA outlines common vulnerabilities in the guide, such as:

• External remote services
• Supply chain compromise
• Phishing
• Valid Accounts
• Trusted Relationship
• Command Scripting Interpreter: PowerShell
• Remote System Discovery
• Remote Service Session Hijacking
• Exploitation of Remote Services

Detection of Remote Access Software

CISA recommends that organizations continually scan and inspect endpoints for the installation of remote access software—which often can be installed by end users and against corporate policy. Examples of detection techniques include using Endpoint Detection & Response (EDR) or Extended Detection & Response (XDR) solutions.

CISA Securing Remote Access Software Guide Download

The CISA Securing Remote Access Software Guide is free and available for anyone to access and download on the CISA.gov website. The guide is available in PDF format and can be shared.