The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC) and Israel National Cyber Directorate (INCD) released a joint guide to help organizations identify and defend against cyberattacks that abuse remote access software. The guide describes common exploitations and the associated tactics, techniques and procedures (TTPs).
“Cyber threat actors use remote access software for initial access, maintaining persistence, deploying additional software and tools, lateral movement, and data exfiltration. As such, remote access software—and RMM in particular—is often used by cybercriminals in ransomware incidents, and in certain APT campaigns,” the agencies said.
The guide also includes a set of recommendations for information technology (IT), operational technology (OT) and industrial control systems (ICS) professionals and organizations on best practices for securely using remote access software and how to detect and defend against malicious actors abusing remote access products.