“. Abuse of trusted IT tools (RMM and remote access) Here's a threat that should keep you up at night: attackers aren't breaking down your door anymore. They're using a key you handed them. Remote monitoring and management (RMM) platforms like ScreenConnect were built t…”
T1486 Data Encrypted for Impact
90%
“What proactive defense looks like: Huntress focuses detection on the steps before encryption: lateral movement, credential abuse, data staging, and pre-ransom tradecraft across EDR, ITDR, and SIEM. Ransomware canaries combined with a 24/7 SOC mean that when something is cau…”
T1486 Data Encrypted for Impact
82%
“, firewall, and endpoint logs to surface phishing-driven lateral movement before it becomes a business-impacting event. Instead of just checking who clicked on a phishing link, let's start looking at the bigger picture: how much damage a single click could actually cause b…”
T1657 Financial Theft
70%
“, firewall, and endpoint logs to surface phishing-driven lateral movement before it becomes a business-impacting event. Instead of just checking who clicked on a phishing link, let's start looking at the bigger picture: how much damage a single click could actually cause b…”
T1528 Steal Application Access Token
51%
“nothing for an endpoint agent to catch. Attackers just log in. With stolen or purchased credentials readily available, adversaries increasingly skip the hard part and authenticate as legitimate users. From there, they move quietly: abusing inbox rules to intercept and reroute fi…”
T1078.004 Cloud Accounts
36%
“nothing for an endpoint agent to catch. Attackers just log in. With stolen or purchased credentials readily available, adversaries increasingly skip the hard part and authenticate as legitimate users. From there, they move quietly: abusing inbox rules to intercept and reroute fi…”
Summary
The threat landscape has shifted. Here's what cybersecurity leaders need to know about RMM abuse, AI-powered attacks, ransomware, and identity threats in 2026.