RMM abuse climbed 277% in 2025, accounting for nearly a quarter of all incidents Huntress observed. Remote Desktop tools present much the same risk: whether built into an RMM platform or deployed separately, they can give attackers hands-on control of a machine. The tools built to keep IT running have become the tools attackers reach for first.
That trend is worth a closer look – not at the tools, but at who's responsible for how they're used. RMM and Remote Desktop solutions are doing exactly what they were designed to do. The problem is that the industry has never agreed on what responsible use should look like, from the vendors who build these tools to the MSPs who deploy them.
How the Threat Evolved
For most of cybersecurity’s history, attackers needed malware. They wrote it, defenders built signatures to catch it, and the cycle repeated. It was an arms race with two clear sides. That's not how it works anymore.
In 2026, attackers reach for tools that are already signed, already trusted, and already expected inside the environment. CISA made the sharper point back in a 2023 advisory: run as a portable executable, RMM needs no admin rights and slips past the very controls built to block unapproved software. Its traffic doesn't look like command-and-control. And defenders are conditioned to see it as routine. Why write malware that gets flagged when you can use the software the IT team already trusts?
That leaves two common targets. The first is the end user. A help-desk email or phone call dressed up as Norton, Geek Squad, or PayPal talks someone into running a remote access tool themselves. In the cases CISA traced, the scammers have the victim log into their bank while connected, doctor the balance on screen to show a refund that never happened, and walk them through "returning" the difference.
The second target is the MSP – and there, the tool works as a multiplier. Attackers go after legitimate RMM users on purpose: compromise one MSP and you open the trust relationships across its network, reaching large numbers of its customers at once. One foothold, and the ransomware or data theft that follows lands on every client behind it.
What Responsible RMM and Remote Desktop Vendors Should Do
There are a number of basic, socially responsible steps we believe each vendor can follow.
- Authenticate every user. If anyone can start using the software without creating an account or validating an email, you've handed attackers a ready-made anonymous tool. Before any agent deploys, the vendor should know who it's dealing with: a verified account with basic information must be created for every RMM and Remote Desktop user, especially for free editions.
- Put privileged actions behind stronger authentication. Not all actions carry the same weight. Basic operations, like device discovery or system monitoring, are one thing. Some advanced actions require extra care, and white-labeling is one of them: rebranded RMM agents can look like anything, including Zoom or Adobe Acrobat. So before anyone white-labels the software, a vendor should confirm there's a real person and a legitimate MSP behind the registered domain.
- Give people a way to report abuse. When someone spots a potential scam or abuse, there has to be somewhere to say so – an obvious channel that reaches a person, not a dead-end inbox.
- Monitor for unusual behavioural patterns. Legitimate admin behaviour has logic, and deviations from it tend to show. Geography is a telling example: an admin in Oklahoma running twenty machines scattered around the globe doesn't add up, and that's grounds to suspend an account.
- Cooperate with the wider community. Abuse isn't a problem any one vendor solves alone. Engaging with shared resources like LOLRMM, cooperating on CISA reporting, and supporting takedown efforts raise the floor for everyone. The opposite – staying quiet about known abuse to protect download numbers – lowers it.
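
The geographic check from the monitoring item above can be sketched as follows. This is an added example, not code from MSP360 or any RMM vendor; the record layout, account names, and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data, not real telemetry:
# (account, admin_login_country, endpoint_id, endpoint_country)
SESSIONS = (
    [("acct-a", "US", f"a-{i}", "US") for i in range(5)]
    + [("acct-a", "US", "a-5", "CA")]
    + [("acct-b", "US", f"b-{i}", c)
       for i, c in enumerate(["BR", "DE", "IN", "JP", "ZA", "AU"])]
    + [("acct-c", "GB", "c-0", "FR"), ("acct-c", "GB", "c-1", "ES")]
)

def flag_dispersed_accounts(sessions, min_endpoints=5,
                            max_foreign_ratio=0.5, max_foreign_countries=3):
    """Return accounts whose endpoints sit mostly outside the admin's usual
    country and are spread over many countries. Thresholds are assumptions."""
    admin_logins = defaultdict(Counter)   # account -> admin login countries
    endpoints = defaultdict(dict)         # account -> {endpoint_id: country}
    for account, admin_country, endpoint_id, endpoint_country in sessions:
        admin_logins[account][admin_country] += 1
        endpoints[account][endpoint_id] = endpoint_country  # dedupe repeats

    flagged = []
    for account, fleet in endpoints.items():
        if len(fleet) < min_endpoints:
            continue  # too few endpoints to judge; avoids noisy alerts
        home = admin_logins[account].most_common(1)[0][0]
        foreign = [c for c in fleet.values() if c != home]
        ratio = len(foreign) / len(fleet)
        countries = sorted(set(foreign))
        if ratio > max_foreign_ratio and len(countries) > max_foreign_countries:
            flagged.append({"account": account, "admin_country": home,
                            "foreign_ratio": round(ratio, 2),
                            "foreign_countries": countries})
    return flagged

if __name__ == "__main__":
    for hit in flag_dispersed_accounts(SESSIONS):
        print(hit)  # candidates for human review before any suspension
```

A legitimate MSP with international clients would also trip this check, so the output is a review queue rather than an automatic verdict.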
How MSP360 Approaches This
Playing our part, we built MSP360 RMM and MSP360 Connect to hold to these standards.
- Access to the MSP360 Management Console requires a verified account, including for users of the free Community Edition. This creates a layer of accountability before someone can begin using MSP360 RMM and MSP360 Connect.
- We also maintain a clear channel for reporting suspected abuse. Reports submitted through the MSP360 contact form are reviewed by a real person, so customers, security researchers, and members of the wider community have a direct way to flag potentially malicious activity.
- Account activity is monitored for behavioural anomalies, including unusual geographic patterns. A login pattern that does not align with normal behaviour can warrant further investigation and, where necessary, action against the account.
This list is not a complete solution to RMM and Remote Desktop abuse, and attackers are constantly adapting. On MSP360’s side, we monitor emerging threats, follow industry research, and review how our tools are used in the wild. We use these insights to enhance our safeguards, reduce anonymous misuse, respond promptly to reported concerns, and remain accountable for the tools we provide.