
The RMM protocol: Remote, risky, and ready to strike.
From Only Malware in the Building by DISCARDED | N2K Networks
July 1, 2025 · 39 min · Season 1 · Episode 12
About this episode
The episode discusses the use of legitimate remote monitoring tools by cybercriminals in their attacks.
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn…
People in this episode
Host: Selena Larson
Guests: Dave Bittner, Keith Mularski
Topics covered
- cybersecurity
- remote monitoring
- data theft
- financial fraud
- cybercrime
- attack strategies
Keywords
- RMM protocol
- cyber threats
- malware
- email campaigns
- data theft
- financial fraud
- cybersecurity
Mentioned in this episode
Organizations: Proofpoint, Qintel
Places: New York
More episodes of Only Malware in the Building
- Trusting the wrong package. · June 2, 2026 · 47 min
- Mythbehavior under investigation. · May 5, 2026 · 45 min
- Who’s logging in? · April 7, 2026 · 43 min
- AI swarms and cyber alarms. · March 10, 2026 · 52 min
- When legit is the trick: Phishing’s sneaky new moves. · February 3, 2026 · 40 min
- Poisoned at the source. · January 6, 2026 · 45 min
Explore listener stats, chart rankings, contacts and more on the Only Malware in the Building podcast page.