The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Remote Monitoring and Management (RMM) Cyber Defense Plan.
Created in collaboration with industry and government stakeholders through the Joint Cyber Defense Collaborative (JCDC), the plan is a decisive step in countering the escalating risks associated with the exploitation of RMM software.
RMM tools, designed for continuous monitoring and remote administration of systems, have become a favored target for cyber threat actors, particularly in the realm of ransomware attacks.
These actors exploit vulnerabilities within RMM platforms to infiltrate the servers of managed service providers (MSPs) and managed security service providers (MSSPs). The resulting breach not only jeopardizes the compromised servers but also affects the numerous small and medium-sized enterprises that are served by MSPs and MSSPs.
“Cyber-criminals reduce their risk of discovery when using legitimate software, such as RMM, that may have already been installed on the victim’s device. Using portable executables offers a way for bad actors to establish local user access without the necessity for administrative privilege or full software installation,” explained Patrick Tiquet, vice president of security & architecture at Keeper Security.
“A malicious attack that’s launched via legitimate software circumvents common software controls and creates fewer new files that detection tools would catch.”
The newly released JCDC RMM Cyber Defense Plan is underpinned by the JCDC 2023 Planning Agenda and represents a significant milestone in the ongoing evolution of the collaborative’s endeavors. The plan aligns with the core functions of the JCDC, which include developing comprehensive cyber defense strategies, facilitating operational cooperation and disseminating cybersecurity guidance.
Divided into two pillars, the JCDC RMM Cyber Defense Plan focuses on operational collaboration and cyber defense guidance. The first pillar encourages coordinated action within the RMM community, promoting information exchange and creative security solutions. It encompasses two lines of effort: Cyber Threat and Vulnerability Information and Enduring RMM Operational Community.
The second pillar, Cyber Defense Guidance, is geared towards raising awareness among RMM end-users about existing threats and promoting robust security practices. It also encompasses two lines of effort: End-User Education and Amplification.
By addressing the systemic risks tied to RMM software exploitation, the JCDC RMM Cyber Defense Plan contributes significantly to enhancing the global cybersecurity landscape.
“It’s important to have a browser protection that can scan for malicious code and exploits in real-time installed on all browsers and mobile devices,” explained SlashNext CEO, Patrick Harr.
“Organizations should also have security controls in place on all devices that can access the organization or user data and can scan for these types of common malicious characteristics [...] actively parsing web page content or launching phishing pages within the browser.”
CISA is urging organizations to explore the comprehensive insights provided by the plan and the 2023 Planning Agenda on its official website.