Cybercriminals’ New Favorite Attack Vector: Your RMM

MSPs must implement multi-factor authentication and other best practices to prevent hackers from leveraging their management tools as a conduit to end customers’ networks.

MSPs are increasingly the targets of a variety of cyberattacks. Criminals are attempting to leverage the fact that by breaching an MSP’s network, they can potentially gain access to client credentials. Not only does this provide a potentially lucrative way to increase the damage caused by a ransomware attack, it also gives hackers multiple platforms from which they can launch attacks using trusted credentials from several companies, all at once.

To keep their internal networks and their clients’ data safe, MSPs must fully secure their remote monitoring and management (RMM) platforms and other systems. A critical step in this process is to implement multi-factor authentication (MFA) strategies.

While MFA can require some adjustment (and inconvenience) for the MSP, the cost of having an RMM or other system breached and then used to attack the MSP’s client base is too steep, both financially and in terms of the company’s reputation. The rise in MSP-related ransomware attacks could also potentially damage the credibility of the entire MSP industry if firms don’t act now.

Several software firms are already mandating or recommending multi-factor or two-factor authentication. This approach is an effective way to prevent security breaches and credential theft because it secures each account by requiring that the user enter a code from an authentication app to authorize the session, and by establishing valid session-length parameters.

By requiring each RMM user to prove their identity using MFA, the possibility of a criminal successfully impersonating a legitimate user is significantly reduced. MFA can also help lower the risk of social engineering or keylogging-based attacks.

However, an MFA strategy alone won’t completely protect the RMM framework. The MSP should also implement additional security best practices. These should include internal controls and policies that protect clients and meet all regulatory requirements, as well as regular training and education for end users.

MSPs and their employees should also be sure to:

Use complex passwords. Users often adopt common passwords because they’re easier to remember. MSPs should adopt policies to force the use of more complex passwords that are more difficult to crack. In solutions like Barracuda Managed Workplace, administrators can enforce password length and require that the passwords include alphanumeric and special characters.

Force password expiration. The longer a password is used, the higher the chance it can be compromised. The RMM should be configured to require password changes regularly. However, this practice can encourage the use of common passwords or ones that are too simple or easy to remember, so the system should also be configured to prevent the reuse of the last six passwords.

Enable MFA. We’ve already covered this topic, but it bears repeating. Administrators should enable multi-factor authentication for all accounts. This may require the use of a TOTP (time-based one-time password) authentication app (like Google Authenticator) to generate an additional passcode for login.

Implement secure browser policies. Make sure to disable vulnerable browser functions, such as in-memory caching, as well as potentially unsafe plug-ins and extensions.

Keep the RMM up to date. A robust RMM solution is continuously being improved with new features. Make sure all software updates are implemented so that the security features reflect the current threat environment and can take advantage of more advanced tools and functions. In addition to ensuring that the RMM has the latest security updates, it is also important that an MSP patch its endpoints. Software is only as secure as the platform it runs on. If the system running the RMM software is infected by malware or ransomware, this can lead to a compromise or service outage for the MSP.

Enforce best practices. At the end of each user session, users should log out and lock their systems to reduce the potential for an attack, and follow all password and security policies.

Train, train, train. Provide regular education and training around how to spot phishing scams or malicious emails, how to protect credentials, and how to respond when there is a potential breach or credential theft.
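
The password rules in "Use complex passwords" and "Force password expiration" can be expressed as a check that runs on every password change. The following is an added example, not code from the article or from any RMM product: the minimum length of 12, the PBKDF2 round count and all names are assumptions, and only the six-password history depth comes from the text above.

```python
import hashlib
import hmac
import os
import string
from collections import deque

MIN_LENGTH = 12          # assumed value; the article does not give a number
HISTORY_DEPTH = 6        # from the article: block reuse of the last six passwords
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def complexity_errors(password: str) -> list[str]:
    """Return the complexity rules that the candidate password violates."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if not any(c.isalpha() for c in password):
        errors.append("no letter")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if not any(c in string.punctuation for c in password):
        errors.append("no special character")
    return errors


class PasswordHistory:
    """Stores salted hashes of recent passwords, never the plaintext."""

    def __init__(self, rounds: int = PBKDF2_ROUNDS):
        self.rounds = rounds
        # deque(maxlen=...) silently drops the oldest entry on overflow.
        self._entries = deque(maxlen=HISTORY_DEPTH)  # (salt, digest) pairs

    def _hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.rounds)

    def is_reused(self, password: str) -> bool:
        # Every stored entry has its own salt, so re-derive against each one
        # and compare in constant time.
        return any(hmac.compare_digest(self._hash(password, salt), digest)
                   for salt, digest in self._entries)

    def change_password(self, password: str) -> list[str]:
        """Apply the policy; store the new hash only if nothing is violated."""
        errors = complexity_errors(password)
        if not errors and self.is_reused(password):
            errors.append("matches one of the last six passwords")
        if not errors:
            salt = os.urandom(16)
            self._entries.append((salt, self._hash(password, salt)))
        return errors
```

Because each history entry is salted separately, a reuse check costs up to six key derivations, which is acceptable for an operation as infrequent as a password change.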

An RMM platform is a valuable tool for managing your business and your clients’ systems. Don’t let it become a platform for cybercriminals to steal data and compromise your relationship with your customers. By following security best practices and implementing an MFA policy, you can reduce those risks immensely.