When enterprise software can be used to prevent intrusions, why use malware? Threat actors essentially adopted that mindset last year, moving away from traditional malware and toward the abuse of remote monitoring and management (RMM) tools.
According to the company's 2026 Cyber Threat Report, Huntress researchers found that RMM abuse had increased by an astounding 277% year over year. All industries experienced a sharp increase in malicious RMM tool deployments, but last year's activity was highest in the technology and healthcare sectors. In contrast to traditional malware, threat actors prefer these tools because they are almost universal in enterprise settings and the malicious activity blends in with legitimate RMM usage, making detection more difficult for security teams.
According to Linares, third-party security firms should concentrate on RMMs and establish restrictions and approve lists to stop unauthorized tools from being installed in clients' networks. However, it is more difficult to identify malicious use of authorized RMM tools. Although early warnings can be obtained through alerts for suspicious identity-related activity, Linares notes that attacks of that nature typically proceed quickly at that point.
Other red flags include the use of residential proxies and threat actors trying to log in from various locations to check for geofencing restrictions. However, according to Linares, a large portion of the abuse issue lies with the RMM developers and vendors.
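The approve-list recommendation above can be checked against endpoint telemetry. The sketch below is an added example, not code from Huntress or from the article: the client names, hosts, event tuples and the short catalogue of RMM executable names are constructed assumptions. It flags only unapproved products, so misuse of an approved tool still needs the identity alerts described above.

```python
import ntpath

# Assumed catalogue (not from the article): executable names of a few
# widely deployed RMM products, lower-cased for matching.
KNOWN_RMM = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "ateraagent.exe": "Atera",
}

# Hypothetical per-client approve lists maintained by the service provider.
APPROVED = {
    "acme-clinic": {"ScreenConnect"},
    "globex-tech": {"TeamViewer", "Atera"},
}

# Constructed process-creation events: (client, host, image path).
SAMPLE_EVENTS = [
    ("acme-clinic", "FRONTDESK-01", r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe"),
    ("acme-clinic", "FRONTDESK-01", r"C:\Users\reception\Downloads\AnyDesk.exe"),
    ("acme-clinic", "FRONTDESK-01", r"C:\Users\reception\Downloads\AnyDesk.exe"),
    ("globex-tech", "BUILD-07", r"C:\Program Files\TeamViewer\TeamViewer.exe"),
    ("globex-tech", "BUILD-07", r"C:\Windows\System32\svchost.exe"),
    ("globex-tech", "LAPTOP-22", r"C:\ProgramData\ScreenConnect.ClientService.exe"),
]


def find_unapproved_rmm(events, approved=APPROVED, catalogue=KNOWN_RMM):
    """Return (client, host, product) for each RMM product seen running
    that is not on that client's approve list, one finding per host."""
    findings = []
    seen = set()
    for client, host, image in events:
        # ntpath parses Windows paths regardless of the analyst's OS.
        product = catalogue.get(ntpath.basename(image).lower())
        if product is None:
            continue  # not a catalogued RMM binary
        # A client with no approve list has nothing sanctioned.
        if product in approved.get(client, set()):
            continue
        key = (client, host, product)
        if key not in seen:
            seen.add(key)
            findings.append(key)
    return findings


if __name__ == "__main__":
    for client, host, product in find_unapproved_rmm(SAMPLE_EVENTS):
        print(f"{client}: unapproved RMM tool {product} on {host}")
```

Matching on executable name is an inventory check only; a tool approved for one client is still reported when it appears at another.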




