Title: RMM as a Vulnerability Exploitation Vehicle
Remote Monitoring and Management (RMM) tools are used by a substantial share of Managed Service Providers (MSPs) and IT infrastructure teams. They bring a great deal of efficiency and convenience, but that convenience carries real security risk: an RMM agent is, by design, privileged remote code execution on every endpoint it manages, so whoever controls the RMM server controls the fleet. With the growth of remote work, RMM tools have taken on an even greater role in managing endpoints and the applications their users depend on.
RMM tools have always been an attack vector, and over the years most of the leading dozen or so products have had at least one serious vulnerability. Most famously, the Kaseya VSA ransomware attack of July 2021 caused downtime for over 1,000 organizations. In the wake of that attack, the cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States released a joint Cybersecurity Advisory (CSA), Alert Code AA22-131A (https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-131a), with guidance on protecting against malicious cyber activity targeting MSPs and their customers. On January 25, 2023, CISA followed up with an advisory dedicated to RMM-tool abuse, Alert Code AA23-025A (https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a), and a year later RMM abuse is once again a very popular news item. It is important to note that this advisory specifically named ConnectWise ScreenConnect. CISA had identified a widespread campaign involving the malicious use of legitimate RMM software: criminal actors sent phishing emails that led victims to download legitimate RMM software (ScreenConnect, now ConnectWise Control, and AnyDesk), which the actors then used in a refund scam to steal money from victim bank accounts. The advisory also made clear that the objectives are not only financial: the same access can be used to steal sensitive information, and it can be sold on to other actors, including state-sponsored groups. This should certainly have put all our cyber-defense friends on notice, and I am sure many of us kept our watchful eyes open.
Fast forward to the second week of February 2024, and the threat becomes concrete with a critical vulnerability, CVE-2024-1709, in the ScreenConnect server. An unauthenticated attacker can re-enter the server's initial setup wizard and create a new administrator account with attacker-chosen credentials, taking over the server without stealing anything from the legitimate administrators. Because the server controls every agent enrolled in it, one compromised instance multiplies the attack surface many times over: the attacker can push tools and commands to each managed endpoint and launch a cascade of attacks at scale from there. ConnectWise patched CVE-2024-1709 quickly in ScreenConnect 23.9.8 (https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8). However, the industry is still identifying impacted systems and businesses and then assessing the damage in the form of penalties, lost customers, higher cyber-insurance premiums, and direct monetary loss. As a cybersecurity services provider, it is critically important to ensure that safeguards are always in place for both known and unknown threats. MSPs need a Zero-Trust approach to the supply chain, as many organizations learned from the SolarWinds attack and the log4j vulnerabilities. Today it is important for MSPs to protect not just their customers but their own estate, using real-time machine-learning and AI-based proactive, comprehensive threat detection. Many in the industry already recognize that this is a cat-and-mouse game; the question is not whether an attack will happen to us but how quickly we can detect and contain it when it does.
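To identify impacted systems, the first check is each server's version against the fixed release named in the bulletin above. The following Python is an added example, not code from the original post or from ConnectWise; it assumes only that any ScreenConnect server older than 23.9.8 is unpatched, and the inventory, hostnames and version strings are constructed for illustration. It tolerates the four-part build numbers ScreenConnect reports and flags entries it cannot parse instead of silently treating them as safe.

```python
"""Triage a ScreenConnect server inventory against the CVE-2024-1709 fix.

Added example, not part of the original post or ConnectWise's tooling.
Assumption (from the vendor bulletin): servers on 23.9.8 or later carry
the fix, anything older does not.
"""
import re
from typing import Dict, List, Optional, Tuple

# First patched ScreenConnect release (assumption based on the bulletin).
FIXED_VERSION: Tuple[int, int, int] = (23, 9, 8)

# ScreenConnect reports versions like "23.9.7.8707" (major.minor.patch.build).
# Accept an optional trailing build number and stray whitespace; reject the rest.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) as integers, or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if older than the fixed release, False if patched, None if unknown.

    Comparison is numeric per component, so "23.9.7" sorts below "23.9.10";
    a plain string comparison would get that wrong.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hostnames into vulnerable / patched / unknown (sorted for stable output)."""
    buckets: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        state = is_vulnerable(version)
        if state is None:
            buckets["unknown"].append(host)   # never assume "safe" on bad data
        elif state:
            buckets["vulnerable"].append(host)
        else:
            buckets["patched"].append(host)
    for names in buckets.values():
        names.sort()
    return buckets


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY: Dict[str, str] = {
    "sc-prod-01.example.net": "23.9.7.8707",
    "sc-prod-02.example.net": "23.9.8.8811",
    "sc-lab.example.net": "22.8.10123.8366",
    "sc-old.example.net": "6.9.21415.6920",
    "sc-dr.example.net": "24.1.0.8780",
    "sc-unknown.example.net": "n/a",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Anything in the "unknown" bucket needs a manual look rather than being dropped: an inventory record that cannot report a version is exactly the kind of forgotten server that stays unpatched. The same numeric-tuple comparison applies to any other RMM product's dotted version strings once its fixed release is known.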
The industry is learning daily from such attacks and is developing better defense mechanisms and strategies using modern tools with automation. We at Seceon are actively contributing to this defense and welcome any queries to explain our approach and help you in your cybersecurity journey. Seceon is a ConnectWise Invent Certified Vendor, and we have dozens of partners that have built MSP businesses as large as 200M and power their cybersecurity services with Seceon. We support the community and have sponsored and exhibited at ConnectWise events. In January 2024, Seceon announced a version of the Seceon aiSIEM-CGuard product for our partner community. The Seceon aiSIEM-CGuard Not-For-Retail (NFR) license program matters because governments and experts are increasing the pressure on managed service providers to protect themselves, so that threat actors cannot use them as a path to their clients. If you are interested in learning more, please contact us.
Address: 238 Littleton Road, Suite 206, Westford, MA 01886
Phone: +1 (978) 923-0040
Email: sales_at_seceon.com
Website: https://www.seceon.com/