Louis Blackburn, director of operations at global hacker and red team cybersecurity solutions provider CovertSwarm, commented: “To combat this. [RMM abuse] strategy, organizations need to focus on ultimately strengthening and reducing their attack surface. “
“Using application control methods, such as Windows Defender Application Control (WDAC) or AppLocker, will act as the main line of defense against these attacks by preventing unauthorized applications from running, ensuring that end users cannot unknowingly grant access to an attacker. you’re using a valid RMM tool,” Blackburn said.
Jake Moore, global cybersecurity consultant at ESET, added: “Businesses can help detect and mitigate attacks on RMM tools by enforcing multifactor authentication to protect access, regularly monitoring RMM activity for any suspicious behavior and continuously ensuring that all software is kept up to date. with the latest security patches.”
Source link