The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD), has published a comprehensive “Guide to Securing Remote Access Software”. This guide emphasizes the crucial role remote access software plays in the efficiency of IT/OT management and business continuity. However, it also outlines the associated risks, as these tools are often targeted by cyber threat actors for nefarious purposes, notably living off the land (LOTL) attacks.
LOTL attacks involve threat actors establishing network connections through cloud-hosted infrastructures, using existing tools to perpetrate malicious activities while remaining undetected. Remote access software appeals to these threat actors due to its ability to bypass security measures and software management control policies.
Despite the security challenges, the guide recommends several strategies for network defenders, including establishing a security baseline of normal network activity, correlating detected activities with other suspicious behaviors, and leveraging robust risk management strategies. Notable recommendations include using reliable standards like the NIST Cybersecurity Framework, auditing remote access software configurations, implementing network segmentation, and adopting a zero-trust architecture. The guide also encourages US organizations to promptly report any suspicious activity to the local FBI office.
Source: healthitsecurity.com
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.