Cyber criminals use legitimate IT RMM tools to control computers

Close-up dark keyboard with coding and programing concept-1Cybercriminals are constantly finding new and innovative ways to gain access to individuals' and organizations' computers and steal sensitive information. ZDnet reports that one tactic that has become increasingly popular is the use of legitimate IT tools to gain control of computers. The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert due to the rising use of commercial Remote Monitoring and Management software for malicious use, such as ransomware installation.  

Remote Management and Monitoring (RMM) are commonly used by IT professionals to remotely access and manage computers. However, cybercriminals have found ways to exploit these tools, using them to gain access to a computer to install malware and discover and exfiltrate data. 

Cybercriminals use these legitimate IT tools by gaining access to a user's login credentials through phishing scams. They will send an email or message that appears to be from a legitimate source, such as a company IT department, asking the user to enter their login information. Once the cybercriminal has access to the login credentials, they can use RMM software to remotely access the computer. 

Another tactic that cyber-criminals use is to install “dropper” malware on a computer that allows them to gain remote access, often using phishing or unpatched vulnerabilities which allow for remote code execution on the endpoint. Once the malware is installed, the cyber-criminal can then deploy RMM software to connect to the infected computer and control the computer, change configurations, install additional malware, and steal sensitive information without users being aware of the changes. 

To protect against these types of attacks, it is important to be vigilant when receiving emails or messages that ask for login information and to be sure to only use legitimate IT tools from reputable sources. Additionally, keeping anti-virus or EDR software up-to-date and regularly scanning for malware can help protect against these types of attacks. Take steps to protect against these types of attacks by being cautious when receiving emails or messages asking for login information. Email security solutions, Managed EDR and User Awareness Training are ways an organization can protect against attacks using IT tools, as these attacks typically require user information or permission to be successful. 

Modernize, Optimize, Stabilize, and Secure your organization today. Contact us at 813-568-9011, visit our website at https://ballastservices.com, or click on Get In Touch to speak with us today.