Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Remote access software that has been historically associated with attack campaigns should be monitored for new activity. An attacker can leverage legitimate remote access tools to manage command-and-control (C&C) communication.
The system might change the risk score for this detection.
Kill Chain
Risk Score
65
Legitimate remote access and remote monitoring and management (RMM) software such as AnyDesk, TeamViewer, and LogMeIn have been frequently deployed by threat actors during attack campaigns to establish an interactive C&C channel with a compromised device.
The attacker installs a legitimate software instance on the compromised device and acquires a passcode for the software. With the passcode, the attacker is able to interact with the compromised device or leverage software features that install other tools to collect data from the victim.
Block or limit outbound traffic to sites and services associated with remote access software
Monitor for devices that are running unauthorized remote access software
Quarantine the device while checking for indicators of compromise
Implement controls that prevent unauthorized applications from running on devices
Monitor and investigate unusual activity to minimize potential damage
