CISA committee tackles remote monitoring and management protections

Written by Becky Bracken / Dark Reading
21st August 2023

Just two years after Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly unveiled the Joint Cyber Defense Collective (JCDC) initiative, a cooperative effort between public and private cybersecurity sectors, the group has presented its first piece of guidance: a road map to shore up the remote monitoring and management (RMM) systems ecosystem behind the country’s critical infrastructure.

RMM tools are used by managed service providers (MSPs) to remotely access many critical infrastructure systems. Not surprisingly, threat actors have sought out RMM tools to gain access to the organizations using them, the JCDC explained in its new RMM Cyber Defense Plan. Once breached, threat actors can evade detection and maintain persistent access in these infrastructure systems.

“These types of applications are popular ‘living off the land’ resources for attackers because they are unlikely to trip common EDR [endpoint detection and response] or antivirus detections and often operate with a high level of permissions on the devices they control,” says Melissa Bischoping, director of endpoint security research at Tanium. “The JCDC’s efforts to improve both education and awareness and vulnerability management of RMM software will reduce the risk of a threat actor successfully leveraging this tooling.”

RMM Tool Used to Attack Florida Water Supply

TeamViewer is an example of these legitimate RMM tools that can be abused all too easily, according to John Gallagher, vice president of Viakoo Labs.

“Remote monitoring and management software is extensively used. TeamViewer, for example, has more than 200 million users — and provides direct access to an organization’s compute infrastructure,” Gallagher says. “It provides secure access, but if that security is breached it can be devastating because of the ability of a threat actor to operate as if they are within the company and in front of that computer.”

To read the complete article, visit Dark Reading.

Cybersecurity

Partner content

CISA committee tackles remote monitoring and management protections

RMM Tool Used to Attack Florida Water Supply

Leave a comment Cancel reply

Commentary

September 3GPP Plenary: 6G officially begins, Release 19 on track

Latest 3GPP standards-development work includes new classes of HPUE, progress on mission-critical services

Is LMR the best solution for first responders? Should 4.9 GHz license go to the FirstNet Authority?

Video

Check out key takeaways from Disaster Management Symposium webinars, register to view archives

Video: Opening of the Expo Hall on day three of IWCE 2023

Lynk CEO Charles Miller: The sky’s the limit

Events

UC Ezines

IWCE 2019 Wrap Up

Cybersecurity

Partner content

CISA committee tackles remote monitoring and management protections

RMM Tool Used to Attack Florida Water Supply

Most Recent

Leave a comment Cancel reply

Related Content

Commentary

September 3GPP Plenary: 6G officially begins, Release 19 on track

Latest 3GPP standards-development work includes new classes of HPUE, progress on mission-critical services

Is LMR the best solution for first responders? Should 4.9 GHz license go to the FirstNet Authority?

Video

Check out key takeaways from Disaster Management Symposium webinars, register to view archives

Video: Opening of the Expo Hall on day three of IWCE 2023

Lynk CEO Charles Miller: The sky’s the limit

Events

UC Ezines

IWCE 2019 Wrap Up