March 15, 2024 at 03:09PM
IT helpdesk workers are increasingly targeted by cybercriminals, a trend highlighted in Red Canary’s latest threat report. Attackers use phishing to gain access to organizational accounts, pretending to be employees and requesting changes to identity and access management controls. Red Canary recommends enhanced security measures to combat these attacks.
According to the report, attackers use tactics such as phishing and social engineering to manipulate helpdesk workers into making changes to identity and access management controls, which lets the attackers take control of targeted user accounts.
Notably, the attackers are using helpdesk-based phishing, both by impersonating helpdesk workers to phish other employees and by posing as employees to deceive the helpdesk. As a result, the report suggests that organizations must take more thoughtful approaches to secure and verify employee-helpdesk interactions.
The researchers provided several recommendations, including:
1. Requiring employees to verify their identity using information that cannot be easily sourced by remote attackers, such as the serial number of their company-issued computer and personally identifiable information not available online.
2. Establishing a specific passphrase for organization staff to use for verification.
3. Verifying identities through video calls and asking specific questions about employees’ working behavior.
4. Verifying staff members’ identity through a third party, such as their manager.
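As an added illustration (not code from Red Canary or the report), the sketch below gates a helpdesk identity change on recommendations 1, 2 and 4. All names and sample records are hypothetical, and the policy that every check must pass is an assumption; the manager is taken from the directory record, never from the caller.

```python
import hashlib
import hmac
from dataclasses import dataclass

def hash_passphrase(passphrase: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the passphrase, never the passphrase itself.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

@dataclass(frozen=True)
class EmployeeRecord:
    asset_serial: str        # from the asset inventory
    manager: str             # from the directory, never supplied by the caller
    salt: bytes
    passphrase_hash: bytes

@dataclass(frozen=True)
class HelpdeskRequest:
    user: str
    claimed_serial: str
    claimed_passphrase: str
    approvers: frozenset     # people the agent reached via directory contact details

def verify_request(req, directory):
    """Return (allowed, passed_checks); every check must pass (assumed policy)."""
    rec = directory.get(req.user)
    if rec is None:
        return False, []
    passed = []
    # Constant-time comparisons avoid leaking how much of a guess was right.
    serial = req.claimed_serial.strip().upper().encode()
    if hmac.compare_digest(serial, rec.asset_serial.upper().encode()):
        passed.append("asset_serial")
    candidate = hash_passphrase(req.claimed_passphrase, rec.salt)
    if hmac.compare_digest(candidate, rec.passphrase_hash):
        passed.append("passphrase")
    # An approver named by the caller does not count; only the directory's manager does.
    if rec.manager in req.approvers:
        passed.append("manager")
    return len(passed) == 3, passed

# Constructed sample data for the example.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
DIRECTORY = {"jdoe": EmployeeRecord("C02XK1ABCD", "asmith", SALT,
                                    hash_passphrase("violet-harbor-42", SALT))}

if __name__ == "__main__":
    ok = HelpdeskRequest("jdoe", "c02xk1abcd", "violet-harbor-42", frozenset({"asmith"}))
    print(verify_request(ok, DIRECTORY))
```

Logging the list of passed checks alongside each approved or refused change gives security teams a record to review when a helpdesk interaction is later questioned.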
Additionally, it was emphasized that while Multi-Factor Authentication (MFA) is crucial, it should not be solely relied upon, as attackers often find ways to bypass it. The need to balance user-friendly access with secure connectivity was also highlighted.
Overall, it is recommended that IT and security teams place increased scrutiny on securing and properly permissioning helpdesk accounts and consider the suggestions provided by the researchers to enhance the security of employee-helpdesk interactions.