In fact, just last week AdvIntel reported on adversaries who, after gaining initial access, had installed an RMM tool called Atera and used it as a functional backdoor in the lead-up to a Conti ransomware outbreak. These tools perform reliably, as you may expect with most enterprise software, and allow operators to pivot and transfer data to and from victim machines. Adversarial abuse of remote monitoring & management (RMM) software is not new, but, given the rash of costly and destructive ransomware attacks in recent months and years, it’s particularly important that security teams develop robust security controls for detecting malicious use of RMM tooling. Red Canary’s Cyber Incident Response Team frequently observes adversaries abusing legitimate remote access utilities for lateral movement and execution of payloads.