COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats.
An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels.
Attacks on the help desk are an obvious offensive play by cybercriminals: Malicious actors want credentials to penetrate networks and move laterally, and help desks dispense credentials and IT equipment to users experiencing password lockouts, lost devices, and so on.
Compromising the help desk can give attackers access to sensitive information that can fuel additional company breaches.
It stands to reason that the help desk is ripe for attacks.
While many companies rigorously try to secure the network perimeter, end users, emails, and almost every frontier of risk, the help desk often gets lost in the mix.
Many companies have no process for validating the identities of employees who contact the help desk for assistance with accessing their devices and data.
Many help desks are outsourced, and many rarely ask for any validation of the user beyond their name.
Help desk procedures have escaped the security rigor applied to other areas of the threat surface.
It's predictable that help desks have become a focus for threat actors.
Worse, attackers are taking it a step beyond, wielding generative artificial intelligence tools against anticipated advances in defensive tactics.
AI-Based Help Desk Attack Tactics in the Spotlight
Help desk social engineering attacks are a common vector for breaches and ransomware attacks that can lead to devastating consequences.
Much of the information needed to wage social engineering attacks is easily available: social media sites like LinkedIn provide a wealth of information about employees, including their names, positions, and office locations.
Lax help-desk validation procedures make it easy for attackers to impersonate employees requesting password resets, for example.
Even though smaller companies and those with onsite help desks may be more likely to recognize employees' voices, deepfakes can trip them up.
How to Protect the Help Desk from Social Engineering
It's essential to create robust help-desk procedures to validate an employee's identity before resetting passwords or issuing credentials.
Direct the user to use their last password and then reset to a new password using the prescribed password conventions.
For issues where you cannot send an MFA push, initiate a video call with the user displaying their government-issued ID and their computer and its serial number.
Ensure that sensitive data like passwords, crash dumps, and session tokens are not left in the service desk platform.
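One way to enforce the last point is to scrub ticket text before it is stored and to flag dump attachments for removal. The sketch below is an added example, not code from the original article or from any service desk product; the patterns, the dump extensions, the function names and the sample ticket are all constructed assumptions to adapt to your own environment.

```python
import re

# Constructed patterns (assumptions): extend to the credential formats you actually see.
PATTERNS = {
    "password": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(?P<secret>(?!\[REDACTED)\S+)"),
    "bearer_token": re.compile(
        r"(?i)\bbearer\s+(?P<secret>[A-Za-z0-9._~+/-]{16,}=*)"),
    "jwt": re.compile(
        r"\b(?P<secret>eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,})"),
    "session_cookie": re.compile(
        r"(?i)\b(?:JSESSIONID|session_?id|sid)\s*=\s*(?P<secret>[A-Za-z0-9%._-]{12,})"),
}

# Assumed crash-dump file extensions; adjust for your platforms.
DUMP_EXTENSIONS = (".dmp", ".mdmp", ".hdmp", ".core")


def scrub(text):
    """Return (redacted_text, labels_found) for one ticket body or comment."""
    found = []
    for label, rx in PATTERNS.items():
        def repl(m, label=label):
            found.append(label)
            # Keep the keyword for context, replace only the secret itself.
            prefix = m.string[m.start():m.start("secret")]
            suffix = m.string[m.end("secret"):m.end()]
            return f"{prefix}[REDACTED:{label}]{suffix}"
        text = rx.sub(repl, text)
    return text, found


def flag_dump_attachments(filenames):
    """Return attachment names that look like crash dumps and need review."""
    return [n for n in filenames if n.lower().endswith(DUMP_EXTENSIONS)]


# Constructed sample ticket; none of these values are real.
SAMPLE_TICKET = (
    "User locked out. Old password: Winter2023! \n"
    "Repro header: Authorization: Bearer "
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLWRlbW8\n"
    "Cookie: JSESSIONID=9F2A7C1B3D4E5F60718293A4"
)

if __name__ == "__main__":
    clean, found = scrub(SAMPLE_TICKET)
    print(clean)
    print("redacted:", found)
```

Redaction only limits what persists in the ticket system; a password or token that was pasted into a ticket should still be treated as exposed and rotated.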
A Never-Ending Battle Worth Fighting
Help desks are an obvious line of vulnerability from a hacker's point of view.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 21 Dec 2023 18:00:07 +0000