Holiday Hackers: How to Safeguard Your Service Desk

Hackers really don't take holidays, but they will take advantage of them.
Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems.
Recovering accounts because of forgotten passwords is one of the high-risk events in the identity management life cycle, making the service desk a likely target during the holiday season.
During the holidays, service desks may be understaffed and under pressure.
There may be fewer people available to respond to threats and the service desk employees who are there may be too busy dealing with requests to stay vigilant against threats.
For hackers, all these factors create an ideal situation for launching service desk attacks.
At the beginning of the July 4th weekend in 2021, hackers targeted U.S. technology firm Kaseya, targeting hundreds of companies around the world with ransomware.
In March 2022, a Microsoft's employee account was compromised with a call to the service desk, which allowed hackers to steal code from Bing, Bing Maps and Cortana.
The service desk is typically the first point of contact for end users who are unable to login to their account or access needed company resources.
The service desk can perform or facilitate critical, high-risk functions such as resetting passwords, creating new accounts or eliminating multi-factor authentication for users who have been locked out of their accounts.
This capability of bypassing security policies is a double-edged sword: While serving as the first line of defense against hackers and point of contact for employees, the service desk also serves as a back door to your network through social engineering.
Hackers will impersonate service desk support to con end-users into providing not only their passwords, but also their two-factor authentication information.
They can also compromise accounts by sending alerts to targets that claim their device has been infected and that they must contact the service desk to fix the issue.
After researching employees who have personal information online and on social media to gain answers to security questions, hackers will impersonate a legitimate user and request a password reset.
One very recent example of hackers targeting the service desk of a company with social engineering is the MGM breach.
Tips To Keep Your Service Desk Safe Verify Identity of Callers Using Specops Secure Service Desk.Your service desk can reinforce secure user verification while reducing social engineering vulnerability.
Instead, Specops Secure Service desk uses other security measures, like sending one-time code to the mobile number associated with the employee's account or using existing authentication services such as Duo Security, Okta, PingID, and Symantec VIP to verify callers.
Your service desk staff should be educated about their vulnerabilities and the specific threats that target their department.
Equipping your service desk employees with tools like Specops uReset and Secure Service Desk can help ensure that they are presenting the best defense against hackers who want to take advantage of them during the holiday season.
Staples confirms cyberattack behind service outages, delivery issues.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 05 Dec 2023 17:10:20 +0000


Cyber News related to Holiday Hackers: How to Safeguard Your Service Desk

Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
8 Strategies for Defending Against Help Desk Attacks - COMMENTARY. Defensive security techniques often lag offensive attack tactics, opening companies to heightened risk from rapidly evolving threats. An alarming case in point is the help desk, one of today's most exposed organizational Achilles' heels. ...
11 months ago Darkreading.com
Preparing for the Holiday Ransomware Storm - Particularly in a subset of industries, these teams find their organizations squarely in the crosshairs of cybercriminals during the holiday period, looking to profit. These industries' increased time sensitivity, criticality, and importance during ...
11 months ago Securityboulevard.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Securing helpdesks from hackers: What we can learn from the MGM breach - In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to security, particularly when it comes to verifying the identity of employees contacting the helpdesk. In this article, we'll explore how ...
10 months ago Bleepingcomputer.com
UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Hackers Stole $59 Million of Crypto Via Malicious Google and X Ads - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Ubisoft Hackers Scrambled for 900GB of Data Before Foiled - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackread.com
Hackers Attack UK's Nuclear Waste Services Through LinkedIn - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Hackers Access Customer Info in Latest MongoDB Data Breach - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackread.com
Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackread.com
US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackersonlineclub.com
Is it possible to use an external SSD to speed up your Mac - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackread.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Securityboulevard.com
Chinese Hackers Exploiting VMware 0-Day Flaw Since 2021 - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Gbhackers.com
Hackers Exploit YouTube Videos to Deliver Malware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Cybersecuritynews.com
State-Sponsored Hackers Employ ChatGPT Cybercrime Schemes - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Cybersecuritynews.com
Hackers Trick Users to Install Malware Via Weaponized PDF - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 months ago Gbhackers.com
Microsoft Executives' Emails Breached by Russia Hackers - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Hackread.com
Hackers Leak Alleged Partial Facebook Marketplace Database - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Hackread.com
Russian Hackers Hit Mail Servers in Europe for Political and Military Intel - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)