Managed Services

RMM Software Misuse on the Rise in SMB Cyber Attacks

Blue military radar screen with grid coordinates and positioning. The scanner axis is spinning around the center and a detected object (plane or missile) is observed on the top half.

Blue military radar screen with grid coordinates and positioning. The scanner axis is spinning around the center and a detected object (plane or missile) is observed on the top half.

Cybercriminals are increasing their use of remote monitoring and management (RMM) software, presenting new challenges for SMB cybersecurity, according to a new report. The trend is an ongoing headache for MSPs because RMM is one of the core platforms in their businesses.

The 2023 SMB Threat Report from Huntress reveals a notable shift in cyberattack strategies against SMBs, focusing on the escalated use of RMM software. The data shows that 65% of cyber incidents involved cybercriminals leveraging RMM tools for unauthorized access to victim systems.

Originally designed for legitimate remote system management by managed service providers, RMM software is now being increasingly targeted by cyber attackers. This trend represents a departure from traditional malware-based attacks and adds complexity to the task of IT administrators in differentiating between regular operations and cyber threats.

Cybersecurity Report Details RMM Software Vulnerabilities in SMBs

The report provides insights into the dual nature of RMM tools, which can be used for both legitimate IT support and malicious activities. This misuse often evades standard anti-malware defenses, posing a unique challenge in the current cybersecurity landscape.

Evolving Cyber Threats: Non-Malware Methods Gaining Traction

Beyond RMM tool abuse, the report also highlights a broader trend of cyber adversaries increasingly employing non-malware methods. This includes exploiting system commands and legitimate software, accounting for over half of the incidents recorded. Such tactics indicate a move towards more sophisticated methods by attackers, blending seamlessly into normal network operations to avoid detection.

The findings in the Huntress report serve as an important alert for SMBs and their service providers. As cyber threats continue to evolve, adopting adaptive and comprehensive cybersecurity strategies is crucial. The shift in tactics by cybercriminals underscores the need for advanced threat detection and a proactive approach to cybersecurity in businesses of all sizes.

Related