eSentire is warning service providers, the public sector and private industry to batten down their remote monitoring and management (RMM) tools, as the Russia-linked LockBit gang has been using the technology to spread its malware.

In a new blog post, the managed detection and response (MDR) provider is urging managed service providers (MSPs), managed security service providers (MSSPs), IT consultants and value-added resellers (VARs) to steel themselves for a possible LockBit attack.

eSentire said that in recent months LockBit has attacked an MSP and two manufacturers and has hijacked the targets’ RMM tools or brought its own to spread ransomware to the MSP’s downstream customers and across the manufacturers’ networks. Two incidents occurred between February 2023 and June 2023, and a third attack took place in February 2022.

- Enforce two-factor authentication for all RMM access, VPNs and other key software systems.
- Ensure strong and unique passwords are used for RMM accounts and other key system accounts.
- Implement Access Control Lists (ACLs) for trusted IPs. However, if an end customer is roaming, they should connect to a VPN. Alternatively, MSPs could implement the use of client SSL certificates before customers can access the RMM system.
- Don't be too explicit about your software stack in job offerings. Because job offers are necessarily public facing, threat actors can use these to understand what software is employed in your company and craft personalized phishing lures that employees are less likely to question.
- Any employees with access to RMM software should receive additional instruction to scrutinize communications that appear to come from a provider of RMM services.
- Ensure your organization's IT environment, including your network, endpoints and logs (both on-premises and in the cloud), is protected by a 24/7 MDR solution.
- Know what level of response/remediation and incident handling is provided as part of your 24/7 MDR offering.
- Proactive threat intel operationalized – sweeps/proactive hunts to uncover malicious actors across customer organizations, after initial discovery.
- Ensure that your organization is doing regular and timely patching and updating of its software applications, operating systems and all third-party tools.
- Educate your clients about the importance of cybersecurity and work with them to establish security policies and guidelines for their employees.
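The two-factor and trusted-IP/VPN recommendations above can be checked against RMM sign-in records. The following is an added example, not code from eSentire or any RMM vendor; the log format, network ranges and account names are constructed assumptions.

```python
import ipaddress

# Assumed policy values (constructed): office ranges on the ACL, plus the VPN pool
# that roaming users are expected to connect from.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]
VPN_NETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/16",)]

# Constructed sample events in a hypothetical "time user src_ip mfa=<yes|no> result" format.
SAMPLE_LOG = """\
2023-06-01T08:02:11Z alice 203.0.113.25 mfa=yes success
2023-06-01T09:15:40Z bob 10.8.3.7 mfa=yes success
2023-06-01T23:47:02Z svc-rmm 198.51.100.77 mfa=no success
2023-06-02T01:03:55Z alice 198.51.100.77 mfa=yes success
2023-06-02T01:04:10Z carol 203.0.113.40 mfa=no success
2023-06-02T01:05:00Z dave 192.0.2.9 mfa=no failure
not a log line
"""

def in_any(ip, nets):
    return any(ip in net for net in nets)

def audit(log_text):
    """Return (line_no, user, reason) for successful RMM logins that break policy."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            _ts, user, src, mfa, result = line.split()
            ip = ipaddress.ip_address(src)
        except ValueError:
            # Wrong field count or bad address: surface it rather than drop it silently.
            findings.append((lineno, "unparsed", line))
            continue
        if result != "success":
            continue
        reasons = []
        if not (in_any(ip, TRUSTED_NETS) or in_any(ip, VPN_NETS)):
            reasons.append("source outside ACL/VPN")
        if mfa != "mfa=yes":
            reasons.append("no second factor")
        if reasons:
            findings.append((lineno, user, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
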