Using Legitimate Remote Management Systems, Hackers Infiltrate Federal Agencies

 

Last summer, several Federal Civilian Executive Branch (FCEB) agencies were breached across several states of the US through a clever hacking operation that employed two off-the-shelf remote monitoring and management systems (RMMs). 
A joint advisory released on Jan. 25, 2013, by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) described the attacks in detail. It also warned the cybersecurity community about the misuse of commercial RMM software and provided mitigation strategies as well as indicators of potential compromise.
IT service providers use remote monitoring and management tools (RMMs) to monitor and manage client networks and endpoints remotely. According to the US government, hackers can use the same software to bypass typical software control policies and evade authorization requirements on victim computers.
Hackers Used RMMs to Breach the Government’s Security 

As part of its retrospective analysis of Einstein, a system CISA deploys across its FCEB agencies that detects intrusions, CI

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
