Adversaries frequently abuse legitimate remote access software to control infected hosts and conduct all varieties of post-exploit activity. In fact, in recent months, Red Canary has detected NetSupport Manager—a common remote monitoring and management tool—more than any other threat. However, differentiating overtly malicious or suspicious use of this tool from potentially unwanted or even authorized use is exceedingly tricky. Even so, when we disqualify the unknowns and look only at confirmed malicious and suspicious abuse of this tool, it’s been a top 10 threat for two of the last three months and currently ranks 15th for the year.
NetSupport Manager is just one of dozens of examples of remote access software. Many of these are professionally developed and supported administration tools that are richly featured and intuitive to use. Further, they’re often overtly authorized—or at least tolerated—within an organization. Of course, adversaries are drawn to powerful tools with a veneer of legitimacy.
Join us for this webinar. As an added bonus, we'll showcase Surveyor, a free and open source tool that security teams can use to survey their environment for the presence of unwanted tooling.
Attendees will walk away from this webinar with:
- A deeper understanding of legitimate tools that are commonly misused
- Concrete strategies for detecting remote access software
- Guidance on differentiating legitimate use from abuse
- Ideas on how to respond when you detect malicious remote access tools