CISA intends to close the remote access shop for cybercriminals

Together with other agencies and private companies, the agency has developed a powerful protection plan for RMM tools.

The US Cybersecurity and Infrastructure Security Agency (CISA), together with private companies, has presented its first plan to address the security issues of remote monitoring and management (RMM) tools.

RMM programs are usually used by IT departments of large organizations to remotely access employees' computers. In recent years, hackers have been actively exploiting vulnerabilities in these tools, especially in state networks, to bypass security systems and gain long-term access to victims' networks.

On Wednesday, CISA announced that it has developed a "clear roadmap for improving the security and sustainability of the RMM ecosystem" with industry partners within the Joint Cyber Defense Group (JCDC).

The plan focuses on four main objectives: vulnerability information sharing, industry coordination, end-user training, and enhanced consulting.

"The collaboration established to develop this plan has already achieved several achievements for stakeholders and the RMM ecosystem," said Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity.

According to Goldstein, CISA worked for several months with representatives of the cybersecurity industry on the plan, coordinating efforts with vendors, operators, agencies and other stakeholders.

"The cyber Defense plan for remote monitoring and management demonstrates the importance of this work and the importance of both deep partnership and proactive planning to address the systemic risks facing our country," he stressed.

CISA and the NSA warned back in January that criminals were using remote access software to maintain control over compromised systems. This, in particular, is evidenced by the campaign to steal funds from US government agencies.

In addition, attackers have repeatedly used vulnerabilities in RMM tools to spread malware. For example, in 2019, hackers from the GandCrab group exploited a vulnerability in the Kaseya plugin to deliver ransomware to the networks of clients of managed service providers.

And in November 2022, Microsoft discovered that the Royal gang was delivering malware disguised as legitimate AnyDesk installers. A data leak from the Conti group also indicated the use of remote monitoring software.

According to CISA, both private cybercrime groups and government hackers exploit remote access tools to attack organizations around the world on a massive scale.

Published on Wednesday, the plan aims to expand the exchange of threat data between the US government and RMM solution providers. Experts also hope to establish mechanisms to improve the security of these tools and develop guidelines for protecting end users.

In addition, CISA wants to strengthen the distribution of advisory notifications in the remote access software development community in order to quickly respond to new cyber threats.
 