08-07-2024, 01:30 PM
Attackers can blend in and evade detection thanks to RMM tools. Security controls and organizational security policies, such as application whitelisting, usually "ignore" them and their traffic.
This strategy also benefits script kids since it keeps them connected and ensures that everything they need is ready and waiting for them.
Our investigation identified two primary techniques that attackers employ to modify RMM tools and PSA software:
Misusing pre-existing RMM tools: Using pre-existing RMM tools, attackers obtain first access to an organization's network. They take advantage of weak or defect collaterals or tool vulnerabilities to obtain access without raising red flags.
2. Installing new RMM tools: By initially gaining access to the network, attackers install their preferred RMM tools. They use social engineering techniques or phishing emails to deceive victims into inadvertently installing the RMM utility on their network.
Also Read: What is honeypotting? How honeypots help enhance cybersecurity
This strategy also benefits script kids since it keeps them connected and ensures that everything they need is ready and waiting for them.
Our investigation identified two primary techniques that attackers employ to modify RMM tools and PSA software:
Misusing pre-existing RMM tools: Using pre-existing RMM tools, attackers obtain first access to an organization's network. They take advantage of weak or defect collaterals or tool vulnerabilities to obtain access without raising red flags.
2. Installing new RMM tools: By initially gaining access to the network, attackers install their preferred RMM tools. They use social engineering techniques or phishing emails to deceive victims into inadvertently installing the RMM utility on their network.
Also Read: What is honeypotting? How honeypots help enhance cybersecurity