Cybersecurity agencies have collaborated to prepare a guide on securing remote access software tools, in order to control and thwart the threats that surround these tools.
The document was published on Tuesday by the US CISA, the NSA, the FBI, the MS-ISAC and the Israel INCD.
According to the guide, remote access software is crucial in enabling organizations to remotely manage and monitor networks, computers, and devices. It provides a flexible and efficient approach to IT and operational technology (OT) management, allowing for proactive troubleshooting, maintenance, and backup operations.
But this also makes it an attractive tool for malicious actors to exploit, potentially compromising the security of businesses and systems. To shed light on these techniques, the guide highlights the common exploitations and associated tactics, techniques and procedures employed by threat actors leveraging remote access software.
These encompass various techniques, such as sophisticated phishing campaigns, social engineering tricks, exploitation of software vulnerabilities and weak passwords. The guide also emphasizes the need for organizations to establish a security baseline and be familiar with the normal behavior of the software to detect abnormal and malicious activities effectively.
The key recommendations for organizations are to implement a robust risk management strategy based on established standards and to regularly monitor remote access software using endpoint detection and response tools.
The guide also advises organizations to be cautious about the supply-chain integrity of their service providers. Its publication follows a separate effort CISA conducted in January warning network defenders about the malicious use of legitimate RMM software tools.