Cyber crooks use free trials of remote monitoring and management (RMM) tools to distribute ransomware, security experts warn.
Blackpoint Cyber Founder and CEO Jon Murchison says that, to protect against the growing threat, RMM companies need more checks and balances on their free trial systems, while everyone else needs to have multi-factor authentication (MFA) active on their RMM.
Describing the stages of the attack, Murchison said the attacker first uses phishing to try to get the target’s VPN credentials. After connecting to the target endpoint, the threat actor installs the trial version of the RMM and uses it to deploy second-stage malware, typically ransomware.
Keep an eye out for free trials
The way trial systems are set up is certainly a problem, Murchison says, but the lack of MFA also makes it easier for scammers.
“RMM companies need to have a lot more checks and balances on their free trial system, and not just allow people to download them without background checks,” he said.
“I think a lot of big guys do that, but there are smaller ones, and foreigners, who don’t. They have to make sure there is some sort of barrier with the free trial. You can’t just sign up with a Gmail account or a made-up account and get it. You need to talk to people. You need to know that you are dealing with a real human and not a villain.”
This is not a new problem, however. Murchison further said his company has been warning about this threat for a year now, adding that in the past three weeks alone there have been at least five such attacks.
“The message is that MSPs really need to look at their software inventory. If they’re using one RMM and they see another one popping up, you should pay attention to it,” the CEO concluded.
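The inventory check Murchison describes can be automated. The sketch below is an added example, not code from Blackpoint Cyber or the article: it compares a current software inventory against an earlier snapshot and reports any RMM product outside the approved set, marking the ones that newly appeared. The product watchlist, host names, dates and function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Illustrative watchlist of RMM / remote-access product name patterns.
# Assumption: the defender maintains this list; it is not from the article.
RMM_PATTERNS = {
    "ScreenConnect": re.compile(r"screenconnect", re.I),
    "AnyDesk": re.compile(r"anydesk", re.I),
    "Atera": re.compile(r"\batera", re.I),  # \b avoids matching e.g. "Collateral"
    "Splashtop": re.compile(r"splashtop", re.I),
    "TeamViewer": re.compile(r"teamviewer", re.I),
}

# Constructed sample data: (host, installed software display name, install date).
BASELINE = [
    ("ws-01", "ScreenConnect Client", "2023-01-10"),
    ("ws-02", "ScreenConnect Client", "2023-01-10"),
    ("ws-02", "TeamViewer Host", "2022-11-03"),
]
CURRENT = BASELINE + [
    ("ws-01", "Mozilla Firefox", "2023-02-01"),
    ("ws-02", "AteraAgent", "2023-06-14"),
    ("srv-01", "AnyDesk", "2023-06-15"),
]

def classify(display_name):
    """Return the RMM family a display name belongs to, or None."""
    for family, pattern in RMM_PATTERNS.items():
        if pattern.search(display_name):
            return family
    return None

def unexpected_rmm(current, approved, baseline=()):
    """Return {host: [(family, installed, is_new)]} for RMM tools outside `approved`.

    is_new is True when the (host, family) pair is absent from the baseline
    snapshot, i.e. the tool has "popped up" since the last inventory.
    """
    seen_before = {(host, classify(name)) for host, name, _ in baseline}
    findings = defaultdict(list)
    for host, name, installed in current:
        family = classify(name)
        if family and family not in approved:
            is_new = (host, family) not in seen_before
            findings[host].append((family, installed, is_new))
    return {host: sorted(hits) for host, hits in findings.items()}

if __name__ == "__main__":
    for host, hits in sorted(unexpected_rmm(CURRENT, {"ScreenConnect"}, BASELINE).items()):
        for family, installed, is_new in hits:
            print(host, family, installed, "NEW" if is_new else "pre-existing")
```

Findings marked as new deserve the fastest triage; pre-existing unapproved tools are an inventory clean-up item that would otherwise mask a later malicious install of the same product.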