Officials warn of cyber campaign using RMM software | HCLTech
Home
Subscribe
News

Officials warn of cyber campaign using RMM software

Employees from at least two US federal civilian agencies were hacked by cybercriminals last year as part of a fraud campaign
 
3 min. read
Jordan Smith
Jordan Smith
US Reporter, HCLTech
3 min. read
Share
Officials warn of the cyber campaign using RMM software

US cybersecurity officials are warning network defenders of a cyber campaign using legitimate remote monitoring and management (RMM) software to execute a phishing scam.

The “widespread cyber campaign” impacted at least two federal agencies, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). CISA warned network defenders of the malicious use of RMM software in a joint advisory with the National Security Agency and Multi-State Information Sharing and Analysis Center (MS-ISAC).

In the advisory, the authoring organizations outline that the cyber criminals sent phishing emails that led to a download for legitimate RMM software. The actors then used a refund scam to steal money from victim bank accounts.

In the advisory, the authoring organizations outline that the cyber criminals sent phishing emails that led to a download for legitimate RMM software. The actors then used a refund scam to steal money from victim bank accounts.

“Using portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation—effectively bypassing common software controls and risk management assumptions,” the advisory states.

CISA had discovered the cyber activity in October 2022, but by that time, the hackers had been sending phishing emails to federal employees’ personal and government email accounts since June. Forensic analysis of the cyber campaign found related activity on many other federal networks in addition to the two initial agency victims.

Protecting your network

The authoring organizations of the cyber advisory recommended that network defenders review Indicators of Compromise (IOCs) and Mitigations sections in the advisory and apply those recommendations to protect against malicious RMM software use.

Among those recommendations include: implementing best practices to block phishing emails, auditing remote access tools on your network to identify currently used and/or authorized RMM software and to use security software to detect instances of RMM software only being loaded in memory.

“As cyberattack vectors evolve, consumers and businesses alike need to make adjustments to stay ahead,” said EVP at HCLTech Amit Jain.

Adopting cyber frameworks to be adaptive and resilient can help businesses as the cyber landscape shifts. HCLTech’s Dynamic Cybersecurity model is a framework of governance and continual assessment to enable an adaptive and evolving posture while leveraging the best technologies. The model assists businesses in countering cyber risks effectively and helping organizations rethink, reimagine and reengineer enterprise security for a dynamic business.

 

Explore HCLTech in the news

Learn more

TAGS:
Share On
Copy link copy-link

Related Content

cyberattack storm
Digital | February 1, 2023

The lull before the cyberattack storm

Worldwide geopolitical instability has exacerbated the risk of catastrophic cyberattacks in the coming years

Learn more
Metaverse reality in 2023
Digital | February 1, 2023

Looking at the Metaverse reality in 2023

With Metaverse technology still in its fledgling stages, use cases are springing up across a range of industries

Learn more
Corrupted file likely cause of grounded flights in U.S.
News | January 17, 2023

Corrupted file likely cause of grounded flights in U.S.

According to the FAA, the outage was likely caused by a corrupt file

Learn more