CISA committee tackles remote monitoring and management protections

Becky Bracken, Dark Reading

August 21, 2023


Just two years after Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly unveiled the Joint Cyber Defense Collective (JCDC) initiative, a cooperative effort between public and private cybersecurity sectors, the group has presented its first piece of guidance: a road map to shore up the remote monitoring and management (RMM) systems ecosystem behind the country’s critical infrastructure.

Managed service providers (MSPs) use RMM tools to remotely access many critical infrastructure systems. Not surprisingly, threat actors have sought out RMM tools to gain access to the organizations using them, the JCDC explained in its new RMM Cyber Defense Plan. Once they have breached an RMM tool, threat actors can evade detection and maintain persistent access in these infrastructure systems.

“These types of applications are popular ‘living off the land’ resources for attackers because they are unlikely to trip common EDR [endpoint detection and response] or antivirus detections and often operate with a high level of permissions on the devices they control,” says Melissa Bischoping, director of endpoint security research at Tanium. “The JCDC’s efforts to improve both education and awareness and vulnerability management of RMM software will reduce the risk of a threat actor successfully leveraging this tooling.”

RMM Tool Used to Attack Florida Water Supply

TeamViewer is an example of these legitimate RMM tools that can be abused all too easily, according to John Gallagher, vice president of Viakoo Labs.

“Remote monitoring and management software is extensively used. TeamViewer, for example, has more than 200 million users — and provides direct access to an organization’s compute infrastructure,” Gallagher says. “It provides secure access, but if that security is breached it can be devastating because of the ability of a threat actor to operate as if they are within the company and in front of that computer.”

To read the complete article, visit Dark Reading.

 
