CISA Warns About Remote Access Tools Being Used in Cyberattacks Targeting Businesses

As a business owner, you rely on secure, reliable IT tools to keep your operations running smoothly. But recent warnings from federal agencies show that some of these same tools are now being exploited by cybercriminals. If your organization uses remote IT support, it is critical to stay informed and protected.

In early 2023, the Cybersecurity & Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) issued joint Alert AA23-025A. The alert highlights a growing threat: attackers using legitimate Remote Monitoring and Management (RMM) tools, such as ConnectWise Control (formerly ScreenConnect) and AnyDesk, to carry out financial and data breaches.

How the Scam Works

These attacks typically start with a phishing email that looks harmless. The email includes a link to an RMM tool under the guise of tech support or account assistance. Once the user clicks the link, the attacker can remotely access the system using tools that are usually trusted by IT departments. Because the software is legitimate and often used in business settings, it may bypass traditional security controls without raising red flags.

Cybercriminals have also been using fake domains that resemble well-known brands like Geek Squad or Norton to make their phishing attempts look more credible. Domain names such as nhelpcare.cc and nhelpcare.info are examples cited in the alert.

What You Can Do to Protect Your Business

At Louisville Geek, we take threats like these seriously and work with our clients to reduce risk at every level. Whether you manage your own technology or partner with an MSP, the following steps are essential:

  • Filter inbound emails to block phishing attempts before they reach employees
  • Actively monitor RMM usage to identify unusual or unauthorized activity
  • Use application controls to block the execution of unapproved RMM software
  • Limit RMM access to secure, approved methods such as VPN-only connections
  • Close common RMM-related ports at the network perimeter
  • Regularly review system logs for signs of suspicious activity
  • Educate your team about phishing tactics and the importance of not clicking on unexpected links or attachments
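
As an added illustration of the monitoring and log-review steps above (not code from the alert or from Louisville Geek), the sketch below flags RMM executables launched from outside an approved install directory and DNS lookups for the two domains quoted earlier. The filename fragments, the approved directory, the log layouts, and every log line are assumptions constructed for the example.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumption: filename fragments for the two RMM products the article names.
RMM_HINTS = ("anydesk", "screenconnect")
# Assumption: the only directory where this hypothetical org installs its approved agent.
APPROVED_DIRS = (PureWindowsPath(r"C:\Program Files\ITDept\ScreenConnect"),)
ALERT_DOMAINS = ("nhelpcare.cc", "nhelpcare.info")  # domains the article quotes
# Constructed sample: process-creation events exported as CSV.
PROCESS_LOG = r"""host,user,image
WS-014,jdoe,C:\Users\jdoe\Downloads\AnyDesk.exe
WS-014,jdoe,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
WS-022,SYSTEM,C:\Program Files\ITDept\ScreenConnect\ScreenConnect.ClientService.exe
WS-031,asmith,C:\Users\asmith\AppData\Local\Temp\ScreenConnect.Client.exe
"""
# Constructed sample: DNS query log, one "host queried-name" pair per line.
DNS_LOG = """WS-014 nhelpcare.info
WS-022 updates.example.com
WS-031 notnhelpcare.cc
"""


def unapproved_rmm(process_log):
    """Return (host, user, image) for RMM binaries run outside approved directories."""
    hits = []
    for row in csv.DictReader(io.StringIO(process_log)):
        image = PureWindowsPath(row["image"])
        is_rmm = any(h in image.name.lower() for h in RMM_HINTS)
        # PureWindowsPath compares case-insensitively, as Windows does.
        approved = any(d in image.parents for d in APPROVED_DIRS)
        if is_rmm and not approved:
            hits.append((row["host"], row["user"], row["image"]))
    return hits


def alert_domain_hits(dns_log):
    """Return (host, name) where name is a cited domain or a subdomain of one."""
    hits = []
    for line in dns_log.splitlines():
        host, name = line.split()
        name = name.lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in ALERT_DOMAINS):
            hits.append((host, name))
    return hits


if __name__ == "__main__":
    print(unapproved_rmm(PROCESS_LOG), alert_domain_hits(DNS_LOG))
```

Matching on filename is a starting point only, since a renamed binary will slip past it; pairing it with the application-control step in the list covers that gap.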

What the Vendors Are Saying

Both ConnectWise and AnyDesk have released security guidance in response to these threats. Their recommendations include:

  • Only downloading RMM tools from official and trusted sources
  • Being cautious of urgent pop-up messages or unsolicited phone calls
  • Never giving control of your system to someone you do not know
  • Refusing to log into bank accounts or enter passwords while connected remotely

Need Help Securing Your RMM Tools?

If you’re unsure whether your RMM software is configured securely, or if you suspect it may have been compromised, Louisville Geek is here to help. Our team can assess your current setup, recommend improvements, and ensure you’re using remote access tools safely and responsibly.

Reach out to our team to speak with an expert and ensure your remote access tools are secure.

Technology should give you peace of mind, not added risk. Partner with a team that prioritizes your security as much as you do.
