Remote access and management tools have become non-negotiable for modern businesses. Organizations worldwide depend upon these solutions to maintain operational continuity, support distributed workforces, and manage complex IT infrastructures efficiently. However, the same capabilities that make these tools invaluable to organizations can also make them attractive to attackers.
Over the last four years since its launch, LogMeIn Resolve has rapidly become a leading solution for unified endpoint management, helping IT teams work more efficiently. However, we're seeing a troubling pattern across the remote management industry. Cybercriminals are weaponizing legitimate remote management software by posing as legitimate businesses and misusing these tools to achieve their malicious goals.
GoTo takes these threats seriously and continues to evolve its fraud detection, purchase verification, and usage monitoring practices in an effort to protect customers and promote high security standards. In addition to our proactive measures, it’s also important that business and technology leaders understand these trends and take steps to further safeguard their employees and businesses.
The Escalating Threat of Phishing Attacks
Phishing attacks represent one of the most prevalent and damaging cybersecurity threats for organizations and their users today. Modern phishing campaigns do not resemble the clumsy emails of the past. Today's attacks are targeted, researched, and convincing, and exploit human psychology rather than technical vulnerabilities. This makes them difficult to prevent through technical security measures alone.
The complexity and sophistication of these attacks have increased. Malicious actors craft convincing communications that impersonate trusted individuals, deceiving employees into sharing credentials, downloading malicious software, or granting unauthorized access to corporate systems. Frequent tactics include spear-phishing, which targets specific individuals within organizations, and business email compromise schemes that impersonate executive leadership to authorize fraudulent actions.
Once an attacker has obtained credentials or convinced someone to install software, they're inside the perimeter. From there, they can move laterally, escalate privileges, and establish persistent access. Often, by the time the attacker is detected, they could have been in the environment for weeks or months acting on their goal of data theft, ransomware deployment, or operational disruption. These schemes have cost organizations billions, not because the technology failed, but because an employee made a reasonable mistake.
So, if technology alone can’t stop these threats, what steps should organizations take? Businesses need a multi-pronged approach to mitigate these threats, one that ranges from initial points of failure (e.g., employees) to ongoing monitoring and improvement. Here are five areas IT and security leaders need to tackle to proactively defend against phishing attacks.
- Employee Training: Keep teams sharp with ongoing phishing awareness training and use real-world examples so people can recognize what to watch for. Run simulations regularly, and make sure there's an easy, visible way for employees to report suspicious emails and other phishing attacks. And when risky behavior occurs, use microtraining sessions to give instant feedback.
- Email & Endpoint Defenses: Get the basics locked down first, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Then layer on advanced email security that can sandbox attachments, rewrite suspicious URLs, and catch impersonation attempts before they hit inboxes. Block risky file types (e.g., .exe), roll out phishing-resistant Multi-Factor Authentication (MFA), and make sure to apply browser filtering, DNS protection, and Endpoint Detection and Response (EDR) on all endpoints. Finally, add those "EXTERNAL EMAIL" banners and alerts to protect against domain-spoofing and increase user awareness.
- Policies, Verification Rules, & Access Controls: Create clear policies around email safety and how people should verify things before acting. Close uncontrolled entry points with policies prohibiting access to things like personal email accounts and file sharing sites from corporate assets. For sensitive requests, require out-of-band confirmation (e.g., a phone call, Slack message, or other tool outside of email). Finally, apply least-privilege wherever possible, lock down remote work setups properly, and hold vendors and partners to similar standards.
- Incident Response & Containment: Have a documented playbook ready for when (not if) phishing happens. The plan must provide clear steps to identify, isolate, and remediate the problem. Automate where possible—quarantining messages, blocking senders, triggering alerts—using Security Orchestration, Automation, and Response (SOAR) tools to speed things up. And practice regularly with IT, security, and leadership, so everyone knows their role when things go sideways.
- Continuous Monitoring, Testing, & Improvement: Keep an eye on the important phishing metrics such as click rates, report rates, and compromised accounts. When gaps are identified, adjust training or tighten controls. Monitor logs across identity systems, email, and network activity to catch unusual patterns early. And of course, stay current with threat intelligence updates, run red-team exercises, and review vulnerabilities periodically.
The Growing Misuse of Remote Management Technologies
Remote access and remote monitoring and management (RMM) use has experienced substantial growth as organizations embrace flexible work arrangements and seek scalable solutions for managing dispersed IT assets. These technologies give IT administrators extraordinary control, with the ability to configure systems, deploy patches, troubleshoot issues, and manage security across the entire enterprise from anywhere.
Unfortunately, this powerful functionality is exactly what makes these tools attractive to attackers. The growth in news articles, cybersecurity agency warnings, and security alerts points to the fact that threat actors are increasingly leveraging legitimate remote access and RMM tools, acquired through fraudulent means, to deploy attacks against unsuspecting organizations. Specifically, with these tools in hand, they’re able to bypass security controls, penetrate infrastructures, and establish command-and-control channels for malicious activities.
The attackers' methodology can range from social engineering schemes to deploy software to brute-force techniques, after which the threat actors gain control over compromised systems. By utilizing legitimate remote monitoring and management software rather than custom malware, these threat actors can often evade detection by traditional security solutions that focus on identifying known malicious tactics.
LogMeIn Resolve: Addressing Industry Challenges Responsibly
As a provider of remote management technology with Resolve, GoTo is acutely aware of this changing threat landscape. We take steps designed to meet these threats head on at every stage of the customer lifecycle with actions across prevention, detection, and response, including:
- Prevention: We employ mechanisms to identify fraudsters during our customer registration process and to prevent them from gaining access to our technology.
- Detection: We analyze various aspects of how customers interact with our service in an effort to identify potentially abusive or anomalous system usage and suspicious purchasing patterns. We also offer ways for customers and individuals to report their concerns to us, such as abuse@logmein.com.
- Response: If we have concerns that fraudsters may be using our service, we act. We immediately suspend the account and investigate any concerns.
GoTo’s Ongoing Commitment
GoTo remains committed to protecting our customers and the wider IT ecosystem. As abuse tactics evolve, so do our defenses. We continuously update our fraud prevention and abuse detection practices in an effort to stop bad actors quickly and effectively.
If you suspect misuse of our platform or believe your organization’s security may be at risk, please contact abuse@logmein.com so our team can investigate immediately. By working together, we can take steps to help Resolve remain a reliable, secure, and integral part of your IT operations.
Actionable Best Practices for Resolve Administrators
While GoTo is proactive in protecting our environment and monitoring all accounts, we strongly encourage customers to take the following steps to maximize security in your own deployment:
- Enforce Multi-Factor Authentication (MFA): Require MFA for all users and administrators accessing Resolve.
- Implement Role-Based Access Controls: Grant the minimum level of access permissions necessary for daily operations.
- Monitor and Review Audit Logs Regularly: Enable logging and set up alerts for unusual activity—such as off-hours logins, failed authentication attempts, or bulk deployment actions.
- Train Your Staff and End Users: Make sure employees are aware of social engineering risks, common attacker tactics, and how your organization processes legitimate remote support requests.
- Integrate with Your SIEM: Feed Resolve logs and alerts into a Security Information and Event Management (SIEM) or security operations center workflow for additional threat detection.
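The three alert conditions named in the audit-log item above (off-hours logins, failed authentication attempts, bulk deployment actions) can be expressed as simple rules over exported events. The following Python sketch is an added example, not Resolve or GoTo code: the JSON field names, action values, business hours, and thresholds are all assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names and action values are hypothetical,
# not the Resolve audit-log schema.
SAMPLE_LOG = """\
{"ts":"2024-05-06T09:12:00","user":"alice","action":"login","ok":true}
{"ts":"2024-05-06T10:00:00","user":"alice","action":"deploy","ok":true}
{"ts":"2024-05-07T02:01:00","user":"bob","action":"login","ok":false}
{"ts":"2024-05-07T02:02:00","user":"bob","action":"login","ok":false}
{"ts":"2024-05-07T02:03:00","user":"bob","action":"login","ok":false}
{"ts":"2024-05-07T02:04:00","user":"bob","action":"login","ok":true}
{"ts":"2024-05-07T02:10:00","user":"bob","action":"deploy","ok":true}
{"ts":"2024-05-07T02:11:00","user":"bob","action":"deploy","ok":true}
{"ts":"2024-05-07T02:12:00","user":"bob","action":"deploy","ok":true}
"""

BUSINESS_HOURS = range(8, 19)    # 08:00-18:59 local time (assumed)
FAILED_LIMIT = 3                 # demo threshold: failed logins per window
DEPLOY_LIMIT = 3                 # demo threshold: deployments per window
WINDOW = timedelta(minutes=10)

def burst(times, limit):
    """True if `limit` or more timestamps fall inside one WINDOW."""
    times = sorted(times)
    return any(times[i + limit - 1] - times[i] <= WINDOW
               for i in range(len(times) - limit + 1))

def detect(log_text):
    """Return (rule, user) alerts for the three conditions, in a fixed order."""
    failed, deploys, alerts = defaultdict(list), defaultdict(list), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "login" and ev["ok"] and ts.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_login", ev["user"]))
        elif ev["action"] == "login" and not ev["ok"]:
            failed[ev["user"]].append(ts)
        elif ev["action"] == "deploy":
            deploys[ev["user"]].append(ts)
    alerts += [("failed_auth_burst", u) for u, t in failed.items() if burst(t, FAILED_LIMIT)]
    alerts += [("bulk_deployment", u) for u, t in deploys.items() if burst(t, DEPLOY_LIMIT)]
    return alerts
```

Thresholds and business hours should be tuned to the organization's own baseline before the rules are moved into a SIEM.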
For questions on configuring any of the security features mentioned, visit our support site at support.logmein.com/resolve.




