Remote monitoring and management (rmm) tooling increasingly an attacker’s first choice

Intel Name: Remote monitoring and management (rmm) tooling increasingly an attacker’s first choice

Date of Scan: March 18, 2025

Impact: High

Summary:
Threat actors are increasingly using legitimate Remote Monitoring and Management (RMM) tools in email campaigns as an initial attack vector. While RMM software is essential for IT administrators, cybercriminals exploit it similarly to remote access trojans (RATs). In 2024, there was a rise in financially motivated cyber threats delivering RMM tools like ScreenConnect, Fleetdeck, and Atera via email. Proofpoint data shows a shift from NetSupport to other RMMs, marking an evolution in attacker tactics.

More Details