6 Ways That Your RMM or PSA Tools Can Be Compromised
If you’re an MSP using a remote monitoring and management (RMM) or professional services automation (PSA) super-tool, like Kaseya, Continuum, Connectwise, Autotask, etc., you probably did a good amount of research before choosing which platform or program would work best for your business. And you likely chose the tool that would make your life—as well as the life of your technicians, and ultimately, your clients—easier.
Today’s RMM and PSA tools are offering breakthrough advances in IT automation and off-site access and controls:
- Kaseya: Allows MSPs to remotely monitor, analyze, and interact with client systems and resources, as well as cloud and network applications, using custom tools and views to address behavioral and configuration issues.
- Continuum: Offers advanced remote monitoring and management, as well as a 24/7 network operations center (NOC) and the Continuum Vault, which allows for the protection and recovery of critical stored data.
- N-Able: Robust platform for automation, management, monitoring, and reporting. Features include custom report scheduling and delivery, cross-client management tools, and advanced monitoring and alert settings.
- ConnectWise: A leading business management platform allowing admin users to centralize information, organize all issue-related data, and automate and track tasks like billing and time tracking.
- Autotask: An IT business management solution that encourages efficiency through their motto, “Work smarter not harder.” Offers centralized data management and the automation of tasks like tech scheduling, billing, reporting, and more.
How could someone hack my RMM or PSA?
You love your RMM or PSA because it gives you incredible remote access to your clients’ systems and resources. Unfortunately, a would-be hacker loves it for that same reason. If they’re able to login to your super tool, the results could be disastrous. How would they be able to get in?
1. Remote Access – Former Employees
When an employee is terminated (or quits, retires, etc.), the IT department often has to manually revoke that user’s access to numerous systems and applications. If that employee’s access isn’t immediately revoked to the RMM or PSA tool, they could easily steal data or erase critical information.
2. Remote Access – Malware on PC or Other Machine
If a computer that has been compromised with malware is used to set up a component of the RMM or PSA tool (for example, during Kaseya’s setup process, the MSP must use their client’s computer), the login data could be captured or collected and used to hack in later.
3. Brute Force Attack
Using a program or script, the hacker enters every possible password until they gain entry, usually starting with the easiest-to-guess first (for example, “Password2014”).
4. Dictionary Attack
A hacker uses a script or program to cycle through combinations of commonly used words and numbers in order to discover the needed password.
5. Key Logger Attack
A hacker uses a program to track all of a user’s keystrokes, capturing login names, passwords, PINs, and more.
6. Less Sophisticated Attacks
You don’t have to be a pro hacker to maliciously break into a RMM or PSA tool that’s protected only by a password. Rogue users can guess simple or common passwords, use passwords that have been over-shared within a department or organization, and even obtain passwords from eyeing the cubicle sticky note or Word doc many employees list theirs on.
How can I make sure my RMM or PSA is secure?
With two-factor authentication (2fa). You’ll notice all the above hacker scenarios rely upon the hacker obtaining the RMM or PSA password. With 2fa, in order to log in, a user must present not only a password, but also another security factor, like a one-time access code from a hardware token or secure mobile app. This means that even if a hacker is able to get their hands on a needed password, they won’t be able to access the system because they won’t be able to enter the second security factor.