Louis Blackburn, operations director at global ethical hacker and red team cybersecurity solutions provider CovertSwarm, commented: “In order to combat this [RMM abuse] tactic, organizations need to focus on endpoint hardening and reducing their attack surface.”

“Implementing application control measures, such as Windows Defender Application Control (WDAC) or AppLocker, will act as a primary line of defence against these attacks by preventing unauthorized applications from running, ensuring that end-users can’t unknowingly provide access to an attacker using a valid RMM tool,” Blackburn said.

Jake Moore, global cybersecurity advisor at ESET, added: “Enterprises can help discover and mitigate attacks on RMM tools by enforcing robust multifactor authentication to secure access, regularly monitoring RMM activity for any suspicious behaviour and continually ensuring that all software is kept up to date with the latest security patches.”