The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center have released a joint advisory urging network defenders to safeguard systems against the malicious use of remote monitoring and management (RMM) software by cyberthreat actors.
Help desks and managed service providers employ RMM software to provide technical and security support, and malicious use of these platforms could enable cybercriminals to bypass common software controls, NSA said Wednesday.
In October 2022, CISA discovered a cyber campaign related to the use of RMM software and found that threat actors sent phishing emails that resulted in the download of legitimate software, which the criminals abused to steal money from victims' bank accounts as part of a refund scam.
According to the agencies, threat actors could exploit legitimate RMM software to target Department of Defense and industrial base networks and national security systems.
The advisory recommends several measures network administrators should take to mitigate cyberthreats, including auditing installed remote access tools to identify RMM software and implementing application controls to prevent unauthorized software execution.