Event Hack Red Con 2024 starts on Oct 25, 2024, 10:00:00 AM (America/Kentucky/Louisville)
Your own personal C2. – Securing your RMM.
60min Talk - Technical 60min Talk - Other
Location: Track 1 - 10/26/24, 11:00 AM - 10/26/24, 12:00 PM (America/Kentucky/Louisville) (1 hour)
Jonathan Rogers
Cybersecurity Engineer

Jonathan Rogers is a lifelong nerd with a never-ending curiosity and a passion to know how things work. He loves helping others learn more about cybersecurity and helping them secure their companies. He's the father to an amazing wife and awesome son. For his day job, he works as a cybersecurity engineer helping secure his organization.


In 2022 the most popular C2 used by threat actors was Cobalt Strike. So far in 2024, the most popular C2 has been remote monitoring and management (RMM) tools. I’m looking at you, ConnectWise!! Now, while I say this tongue in cheek, there is some truth in that statement. RMMs are tools that IT teams use to administer and keep tabs on machines no matter where they are in the world. These tools are helpful and, in some cases, vital for IT teams to manage company systems. The issue is that because these tools have control over all or most machines in an organization, they are powerful and useful but also dangerous.

Since they are so powerful, RMMs are stress-relieving for IT teams but stress-inducing (at ulcer and stroke levels) for cybersecurity teams. As Uncle Ben told young Peter Parker, “With great power comes great responsibility.” RMMs have the power, and as security professionals we have the responsibility of securing them. How the heck do we do that, though?

Let’s not wallow in despair about these tools; instead, let’s take a journey together as we work to secure our RMMs. We’ll talk about monitoring our monitoring system, monitoring for illegitimate RMMs in our network, what we can do to secure them, and what to do if our RMM is fed after midnight (compromised) and goes on a rampage. Join me, friends, as we work to secure our RMMs.