IT helpdeskers increasingly targeted by cybercriminals The Register

It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success.
Keen infosec watchers will remember last year that the ransomware attack at MGM Resorts was, per the attacker's own account of the situation, orchestrated by phishing an IT helpdesk worker in just the space of 10 minutes.
The same cybercriminals, tracked by the Scattered Spider moniker, used the same tactics with a spate of other Okta customers too, in what became one of the biggest security sagas of 2023.
Red Canary says these types of attacks are usually pulled off by cybercrims phoning an organization's helpdesk while pretending to be an employee.
They often request changes to be made to identity and access management controls so they can assume control of a targeted organizational user account - tasks that are routinely carried out by helpdesk staff.
Once the attacker registers their own mobile device to the account, enabling them to completely control the authentication chain and cement their insider access, later stages of the operation can take place.
They can identify key targets such as other, more privileged users, steal data from SaaS apps, switch to cryptomining via cloud resources, or embark on destructive attacks.
Researchers continue to see cases of helpdesk staff being imitated by attackers to phish other employees - a role reversal to the aforementioned trend.
Working under the guise of a perceived sense of legitimacy, trustworthiness, and authority, attackers can request access and multi-factor authentication codes from users which can then be used to hijack accounts.
From there, later-stage attacks similar to the ones when the roles are reversed can be carried out.
Red Canary suggests that more thoughtful ways of combating these types of attacks need to be deployed within organizations.
User and staff education programs are already widespread in many organizations, but it's clear the same problems recur and are becoming increasingly taxing.
Requiring employees to verify their identity by sending information that couldn't easily be sourced by remote attackers, such as the serial number of their company-issued computer.
Included in this is personally identifiable information that again couldn't be sourced online.
Establishing a specific passphrase for organization staff, a shared secret, to use to verify they are actually the user behind the screen.
Verify identities via video calls, with helpdesk staff having a visual directory of all staff members to use as a reference.
Ask questions about employees' working behavior such as what apps they had open at a specific time, or what time they logged in that morning.
Verify staff members' identity through a third party such as their manager, who may be in the office with them to verify in person that they made the support request.
As always when it comes to phishing, the first port of call for any organization should be to implement a robust MFA policy.
As the rise in helpdesk phishing attacks shows, they can't be relied upon solely and almost always have some way to circumvent them.


This Cyber News was published on go.theregister.com. Publication date: Fri, 15 Mar 2024 19:13:07 +0000


Cyber News related to IT helpdeskers increasingly targeted by cybercriminals The Register

CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
9 months ago Go.theregister.com
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
9 months ago Theregister.com
The old, not the new: Basic security issues still biggest threat to enterprises - Attacks on critical infrastructure reveal industry faux pas. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. X-Force analysis ...
9 months ago Helpnetsecurity.com
Abnormal Security Shares Examples of Attacks Using Generative AI - Abnormal Security has published examples of cyberattacks that illustrate how cybercriminals are beginning to leverage generative artificial intelligence to launch cyberattacks. In one example, a cybercriminal posed as a customer service ...
11 months ago Securityboulevard.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
8 months ago Tenable.com
SentinelLabs Details Discovery of FBot Tool for Compromising Cloud Services - SentinelLabs today published a report identifying a Python-based tool that cybercriminals are using to compromise cloud computing and software-as-a-service platforms. Alex Delamotte, senior threat researcher at SentinelLabs, said FBot is used to take ...
11 months ago Securityboulevard.com
Cybercriminals Hesitant About Using Generative AI - Cybercriminals are so far reluctant to use generative AI to launch attacks, according to new research by Sophos. Examining four prominent dark-web forums for discussions related to large language models, the firm found that threat actors showed ...
1 year ago Infosecurity-magazine.com
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
11 months ago Infosecurity-magazine.com
Google Cloud Report Spotlights 2024 Cybersecurity Challenges - As the New Year dawns, a cybersecurity report from Google Cloud suggests that while there are many challenges ahead, it will also become simpler for cybersecurity teams to leverage artificial intelligence to better defend IT environments. John ...
11 months ago Securityboulevard.com
CVE-2023-52598 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing - As we reflect on 2022, we've seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere - and more frequently. The volume and ...
1 year ago Securityweek.com
Mimecast Acquires Elevate Security to Personalize Controls - Mimecast this week announced it has acquired Elevate Security as part of an effort to make it simpler to apply cybersecurity controls based on actual end-user behavior. David Raissipour, chief technology and product officer at Mimecast, said Elevate ...
11 months ago Securityboulevard.com
BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
1 year ago Securityweek.com
Microsoft Returns to the Top Spot as the Most Imitated Brand in Phishing Attacks for Q4 2023 - The latest Brand Phishing Report from Check Point Research sees Microsoft as the number one impersonated brand by cybercriminals with the technology sector dominating the top ten. Our latest Brand Phishing Report for Q4 2023 highlights the brands ...
11 months ago Blog.checkpoint.com
Cybersecurity Tips to Stay Safe this Holiday Season - Cybercriminals take advantage of this hectic time to target holiday shoppers and travelers. Their goal is to catch you off guard when or where you least expect it. If you're like me you might be doing some last-minute shopping and looking for the ...
1 year ago Cybersecurity-insiders.com
'Operation Endgame' Hits Malware Delivery Platforms - Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. A frame from one of three ...
6 months ago Krebsonsecurity.com
The Impact of Artificial Intelligence on the Evolution of Cybercrime - The role of artificial intelligence in the realm of cybercrime has become increasingly prominent, with cybercriminals leveraging AI tools to execute successful attacks. Defenders in the cybersecurity field are actively combating these threats. As ...
11 months ago Cysecurity.news
Securing The Future: Cybersecurity Predictions for 2024 - When more than 6 million articles of ancestry and genetic data were breached from 23 and Me's secure database, companies were forced to confront and evaluate their own cybersecurity practices and data management. We won't be saying goodbye to ...
10 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)