A Series of Unfortunate (RMM) Events
Essential information
- Published: 19/12/2025 18:30
- Modified: 21/12/2025 23:06
- Tags: 2025-12-19, goto resolve, multiple rmm tools, pdq, persistence, phishing, rmm abuse, screenconnect, simplehelp, social engineering
- Related entities: 2 techniques (mitre), 9 others
Description
Series of Unfortunate Events
Summary: This analysis examines the increasing trend of threat actors abusing Remote Monitoring and Management (RMM) tools in their attacks. The report highlights a specific pattern where attackers use PDQ or GoTo Resolve to deploy secondary RMM tools like ScreenConnect or SimpleHelp. Multiple examples are provided, including a real estate company compromised through a phishing email, an investment firm attacked via a malicious download, and a car dealer targeted through multiple RMM installations. The report also discusses various social engineering lures used by attackers, such as holiday-themed messages and fake bid transcripts. It emphasizes the importance of a managed Security Operations Center (SOC) in detecting and mitigating these threats, and provides recommendations for businesses to prevent RMM abuse.