Action1 unveils AI-based threat actor filtering to prevent illicit usage of its service

Action1 announced that it has upgraded its service with AI-based detection of abnormal user behavior and automated blocking of threat actors.

With this upgrade, the company aims to combat the growing threat of scams and cyberattacks in which hackers misuse legitimate tools to deploy ransomware in corporate environments or connect to individuals’ computers to steal money and data.

The Action1 enhancement helps ensure that any attempt at misuse is identified and terminated before cybercriminals accomplish their goals. It scans user activity for suspicious patterns of behavior, automatically suspends potentially malicious accounts, and alerts Action1’s dedicated security team to investigate the issue. Consequently, this upgrade will help assure that Action1 is used only for good reasons. Meanwhile, thousands of IT professionals use the platform to automate OS and third-party patching and endpoint management.

In 2021, 23,903 people reported losing more than $347 million due to tech support scams, many of which involved well-recognized remote access tools, according to the FBI. In 2022, RMM tools have been abused by numerous ransomware groups, and even a single group of this kind can breach over 90 organizations.

“The accessibility of remote access and remote monitoring tools eliminates the need for malicious actors to invest their own time and effort into developing tools for managing attacks, facilitating cybercrime such as ransomware,” said Mike Walters, VP of Vulnerability and Threat Research at Action1. “We think that vendors should take more action to prevent abuse of their solutions as a part of the common struggle against this threat.”