Hackers abuse legitimate remote monitoring and management tools in attacks

CSO Online – Lucian Constantin
Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022. However, this wasn’t the only such tool used.

Separately, in a joint advisory this week, the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned about the use of RMM tools in a refund scam that targeted the employees of multiple federal agencies.

The malicious RMM usage that Talos observed has been primarily associated with ransomware attacks, showing that other types of cybercriminals are jumping on this trend. Aside from RMM tools, the built-in Microsoft Remote Desktop Protocol (RDP) continues to be exploited by attackers for initial access due to poor password hygiene and weak security controls.
Link: https://www.csoonline.com/article/3686610/hackers-abuse-legitimate-remote-monitoring-and-management-tools-in-attacks.html

