Mission Critical MSP and Customer Data in RMM Environments at High Risk
Leading cloud backup, recovery and restore software provider Asigra Inc. today released a bulletin to the company's global network of managed service providers warning of the growing ransomware threat to remote monitoring and management (RMM) platforms, as an incessant stream of insidious malware variants puts solution provider and end-customer applications and data at significant risk.
RMM software helps managed IT service providers (MSPs) remotely and proactively monitor client endpoints, networks and computers. It was historically called remote IT management. Deploying RMM requires an agent installed on client servers, hypervisors, workstations, networking devices, laptops, and other mobile endpoints. The RMM issues tickets or alerts to the MSP when it detects a problem, classifying them by severity, problem type and criticality, which has driven its widespread use by MSPs globally.
However, when MSPs are utilizing their RMM platform with tightly integrated backup solutions, there is a single access point to dozens, hundreds, or even thousands of organizations. Since the RMM platform is based on agents that are pushed out, the ransomware can potentially push out its malicious code to each of the MSP clients while neutering the backups. This makes MSPs a very lucrative target.
"Once RMM administrative privileges are compromised by a criminal hacker using tried, true, and very effective methodologies such as phishing, website hijacking or malicious advertising," says Marc Staimer, Principal Analyst for DragonSlayer Consulting. "The criminal party identifies the MSP employee targets and begins to attack."
As an example, the hacker may send an urgent email or text that appears to come from the targeted employee's direct manager or a company executive. The email or text likely contains a link that downloads the ransomware or malware, or an attachment that's infected with it. The email may also imitate a routine alert from the same RMM program, or from another program, of the kind that arrives all the time. Once the RMM platform is compromised, so is the integrated backup. Now the entire MSP client base is under dire threat.
Mitigating Ransomware's Threat to RMM
Protecting the MSP's RMM platform against ransomware is a simple three-step process. First, train all employees to be aware of targeted phishing attacks, as this is the number one channel by which ransomware enters the network. Next, separate the data protection infrastructure/solutions from the RMM platform and avoid integrated solutions. This makes the backup infrastructure more difficult to compromise. Finally, utilize a backup solution that prevents ransomware or any malware from ever deleting the backup. Also make sure the backup software prevents a ransomware or malware infection by scanning both the backup and recovery streams.
"In many technology segments the centralization of computing processes provides great value. However, tight integration of RMM and data protection is an area where extreme caution is warranted when it comes to backup/recovery design," said Eran Farajun, Executive Vice President. "The density of high value data in many RMM environments is too alluring for criminal hackers to avoid, making it incumbent upon the MSP to architect a bulletproof data recovery model. For the strongest protection, services professionals are advised to disentangle RMM and backup to ensure system recoverability."
For more information about the threat of ransomware attacks to RMM systems and how to defend against these threats, visit: https://www.asigra.com/blog/part-1-how-rmm-has-become-latest-ransomware-attack-vector-compromises-backup-defenses.
- Hear what service providers have to say about working with Asigra: https://www.asigra.com/partnership.
- View the enhanced features of the Asigra Hybrid Cloud Partner Program at: https://www.crn.com/slide-shows/cloud/300101651/2018-partner-program-guide-5-star-cloud-vendors-part-1.htm/pgno/0/7
Trusted since 1986, Asigra technology is proudly developed in and supported from North America, providing organizations around the world the ability to quickly recover their data from anywhere through a global network of IT service providers. As the industry’s most comprehensive data protection platform for servers, virtual machines, endpoint devices, databases and applications, and SaaS- and IaaS-based applications, Asigra lowers the total cost of ownership, reduces recovery time objectives, and eliminates silos of backup data by providing a single consolidated repository with 100% recovery assurance and anti-ransomware defense. The company has been recognized as a three-time Product of the Year Gold winner by TechTarget for Enterprise Backup and Recovery Software and positioned well in the market by analysts. For more information, visit www.asigra.com.