How Attackers are Leveraging Remote Management Tools in Cyber Attacks
The Rise of RMM Tool Exploitation
Attackers are increasingly abusing legitimate remote management tools, known as RMM, to camouflage their attacks on corporate networks. A report by security vendor CrowdStrike observed a staggering 70% year-over-year rise in the use of RMM tools by adversaries, marking a pivotal moment in cybersecurity threats.
Preferred Tools for Cybercrime
ConnectWise ScreenConnect has overtaken AnyDesk as the most abused RMM tool between June 2023 and June 2024. These tools, intended for IT support and network management, are now exploited by cybercriminals to hide their activities within typical network operations.
- RMM tools provide attackers with camouflage, allowing them to blend in with legitimate traffic.
- These tools can be accessed through stolen credentials or exploiting vulnerabilities within the network.
- Attackers use existing RMM platforms after breaching networks through varied methods.
Strategies for Mitigating Risks
To combat these threats, organizations must enforce strict access controls, enhance monitoring of RMM usage, and conduct regular audits.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.