Trend #9: Remote monitoring and management abuse
Adversaries will abuse remote monitoring and management (RMM) tools because they’re widely used for legitimate reasons and seem benign, says Red Canary. Typically, RMM has been used by helpdesk technicians to resolve issues on client computers. Adversaries can blend in while moving laterally, communicating with and passing information in and out of an infected host. Ransomware operators abuse RMM to remotely control victims’ machines and deploy additional malicious payloads. This makes it harder to catch adversaries.
Return To Article
