Headlines

“Securing Remote Access Software: Insights from US and Israel”

"Securing Remote Access Software: Insights from US and Israel"cybersecurity,remoteaccess,software,US,Israel

US and Israel Issue Guidance on Securing Remote Access Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD), has released a joint Guide to Securing Remote Access Software, a comprehensive document aimed at helping organizations better protect themselves from cyber attacks exploiting remote access software.

Remote Access Software Vulnerabilities

Remote access software, including remote administration and remote monitoring and management (RMM) solutions, provides organizations with the ability to remotely manage and secure their IT, OT and ICS services. IT help desks, MSPs, network administrators, and SaaS providers rely on these programs to gather data on networks and devices, automate maintenance, perform endpoint configuration, recovery and backup, and patch management. However, remote access software can also be exploited by malicious actors to gain access to sensitive data, exfiltrate data and deploy malware.

New Guidance and its Recommendations

The guide covers remote access software and the potential risks it poses. It is authored by government agencies, cybersecurity vendors, and tech companies and focuses on how organizations can improve their security, ensuring malicious activity is detected and prevented. The recommendations cover multiple parties, including network administrators, MSP and SaaS customers, organizations, MSPs and IT administrators, and developers of remote access software.

Preventing Malicious Exploitation

The new guidance recommends a variety of techniques to prevent malicious exploitation of remote access software, including:

– Restricting the use of remote access software to the systems and users who require it for their work responsibilities.
– Enabling multi-factor authentication (MFA) for remote access to minimize the risk of credential theft.
– Limiting remote access software privileges to block potential attackers from gaining unauthorised access to a larger set of network resources.
– Regularly updating software to ensure that it remains protected against the latest vulnerabilities.
– Monitoring accounting management systems to detect any unauthorised access attempts immediately.
– Conducting ongoing security awareness training for employees and partners to identify suspicious activities for rapid response.

Small to Medium-sized Businesses and Ransomware

Small to medium-sized businesses (SMBs) that rely on MSPs remote access to manage OT, ICS, or IT infrastructures are particularly at risk of supply chain attack and malicious use of remote access software. It recommends that SMBs employing MSPs regularly review their remote access security to mitigate the risk of a security breach.

Ransomware groups are increasingly using RMM software, which offers monitoring and control capabilities and heightened permissions, making it an attractive tool for threat actors.

Conclusion: Addressing Remote Access Software Security

As the use of remote access software continues to grow, with many organizations continuing to work remotely, the importance of securing such software is paramount to protect sensitive systems and data. This guidance provides crucial advice to organizations to detect and prevent potential cyber attacks. Implementing these recommendations can go a long way in protecting the organization’s network from malicious exploitation.

Cybersecuritycybersecurity,remoteaccess,software,US,Israel


"Securing Remote Access Software: Insights from US and Israel"
<< photo by Tima Miroshnichenko >>

You might want to read !