Hackers really don't take holidays, but they will take advantage of them.
Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems.
Recovering accounts because of forgotten passwords is one of the high-risk events in the identity management life cycle, making the service desk a likely target during the holiday season.
During the holidays, service desks may be understaffed and under pressure.
There may be fewer people available to respond to threats, and the service desk employees who are there may be too busy dealing with requests to stay vigilant against threats.
For hackers, all these factors create an ideal situation for launching service desk attacks.
At the beginning of the July 4th weekend in 2021, hackers targeted U.S. technology firm Kaseya, hitting hundreds of companies around the world with ransomware.
In March 2022, a Microsoft employee's account was compromised with a call to the service desk, which allowed hackers to steal code from Bing, Bing Maps and Cortana.
The service desk is typically the first point of contact for end users who are unable to log in to their account or access needed company resources.
The service desk can perform or facilitate critical, high-risk functions such as resetting passwords, creating new accounts or eliminating multi-factor authentication for users who have been locked out of their accounts.
This capability of bypassing security policies is a double-edged sword: While serving as the first line of defense against hackers and point of contact for employees, the service desk also serves as a back door to your network through social engineering.
Hackers will impersonate service desk support to con end users into providing not only their passwords, but also their two-factor authentication information.
They can also compromise accounts by sending alerts to targets that claim their device has been infected and that they must contact the service desk to fix the issue.
After researching employees who have personal information online and on social media to gain answers to security questions, hackers will impersonate a legitimate user and request a password reset.
One very recent example of hackers targeting the service desk of a company with social engineering is the MGM breach.
Tips To Keep Your Service Desk Safe
Verify Identity of Callers Using Specops Secure Service Desk.
Your service desk can reinforce secure user verification while reducing social engineering vulnerability.
Instead, Specops Secure Service Desk uses other security measures, like sending a one-time code to the mobile number associated with the employee's account or using existing authentication services such as Duo Security, Okta, PingID, and Symantec VIP to verify callers.
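One way to enforce a one-time-code check before a password reset, as an added example (not Specops code and not from the original article). The class name, the `send_sms` gateway callable, the 5-minute lifetime and the 3-attempt limit are assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL_SECONDS = 300   # assumed policy: a code is valid for 5 minutes
MAX_ATTEMPTS = 3         # assumed policy: challenge is void after 3 wrong codes

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class CallerVerifier:
    """Gate high-risk service desk actions behind a one-time code."""

    def __init__(self, directory, send_sms, clock=time.time):
        self._directory = directory   # username -> mobile number on file
        self._send_sms = send_sms     # hypothetical SMS gateway callable
        self._clock = clock
        self._pending = {}            # username -> [code_hash, expires_at, attempts_left]
        self._verified = set()

    def start(self, username):
        number = self._directory.get(username)  # number on file, never one given on the call
        if number is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [_digest(code), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._verified.discard(username)        # a new challenge voids any earlier pass
        self._send_sms(number, code)            # the agent never sees the code
        return True

    def check(self, username, spoken_code):
        entry = self._pending.get(username)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        if hmac.compare_digest(code_hash, _digest(spoken_code)):
            del self._pending[username]         # single use
            self._verified.add(username)
            return True
        entry[2] -= 1
        return False

    def reset_password(self, username):
        if username not in self._verified:      # refuse unless the caller just passed
            raise PermissionError("caller not verified")
        self._verified.discard(username)        # one verification, one action
        return secrets.token_urlsafe(12)        # temporary password
```
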
Your service desk staff should be educated about their vulnerabilities and the specific threats that target their department.
Equipping your service desk employees with tools like Specops uReset and Secure Service Desk can help ensure that they are presenting the best defense against hackers who want to take advantage of them during the holiday season.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 05 Dec 2023 17:10:20 +0000