How Sophisticated Social Engineering Attacks Are Targeting IT Service Desks


It isn’t just software that's under siege but the very people who use it. While cyberattacks often exploit technical vulnerabilities, many attackers find manipulating human psychology far more effective. 

This cunning strategy, known as social engineering, continues to evolve and becomes more intricate every day. Leveraging a mix of deception, persuasion, and exploitation, these attacks prey on human tendencies to trust and cooperate. But the frontline of these attacks isn’t just your usual employees or end-users. The spotlight is now on a fresh, high-profile target – the service desk.

Recent Attacks Spotlight a Vulnerable Frontline

The service desk has traditionally been the first point of contact for users facing technical issues, such as a locked account or a forgotten password. To help them with these requests, the service desk staff will verify the identity of the user through a series of security questions.

In the age of social media and open networks, it’s surprisingly easy for attackers to collect answers to these questions. Plus, in the age of hybrid work, service desk agents are overwhelmed with more requests for fixing remote issues. In a bid to handle tickets quickly, they may sometimes overlook security best practices.

The following examples from EA and MGM are unlikely to be isolated incidents – instead, they reflect a larger trend in which attackers have identified service desks as soft targets. 

EA Source Code Breach

In 2021, hackers infiltrated Electronic Arts (EA) and subsequently released a vast amount of stolen data. On June 10, the hackers used an underground hacking forum to announce that they possessed EA data, which they intended to sell for a staggering $28 million.

It turns out the attackers had acquired authentication cookies for an EA internal Slack channel from a dark web marketplace. By using these cookies, they impersonated an EA employee who was already logged into the system to access EA's Slack channel. Once inside, they deceived EA IT support staff into granting them access to EA's internal network. With this access, they downloaded over 780GB of source code.

MGM Resort Service Desk Hack

Fast forward to September 2023, and the massive hospitality and entertainment business MGM Resorts was crippled by a similar cyberattack. The attack led to extensive outages across its Las Vegas establishments, causing disruptions in slot machines, room key cards, TV services, internal networks, and much more. Employees were forced to revert to manual methods to manage guest services and requests. 

The point of entry? A fraudulent call to their help desk. After locating the LinkedIn profile of an MGM Resorts employee, hackers impersonated this individual and called the organization's service desk, requesting a password reset to access their account.

The Multi-Factor Solution

For businesses aiming to fortify their defences, the solution lies in a multi-layered verification approach at the service desk level, something that moves beyond security questions. 

A multi-layered verification approach ensures that only genuine employees within your network get verified access, and it provides added protection against sophisticated social engineering attacks. It lets you use authentication methods that remove the opportunity for user impersonation: something the user is (such as a fingerprint) and something the user has (such as a mobile phone), not just something the user, or an attacker, may know.

Guarding Against Social Engineering

In a game of cat and mouse between cyber criminals and businesses, staying one step ahead is key. While attackers find innovative ways to exploit the human element, businesses must continuously refine their defenses, eliminating weak links in their security landscape. 

The best course of action to batten down the hatches for service desks is a verification system that only grants account access after multifactor authentication.
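As an added illustration (not code from the original article or from any Specops product), here is a minimal sketch of such a gate: a reset is allowed only after the caller returns a one-time code delivered to the device already on file. The `CallerVerifier` class, the `send` delivery callback, the five-minute lifetime and the three-attempt limit are all assumptions chosen for the example.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the challenge is burned

class CallerVerifier:
    """Gate a password reset on a one-time code sent to the enrolled device."""
    def __init__(self, enrolled, send, clock=time.time):
        self.enrolled = enrolled    # username -> phone/e-mail already on file
        self.send = send            # hypothetical delivery callback (SMS/e-mail)
        self.clock = clock
        self.pending = {}           # username -> [code_hash, expires, attempts]
        self.verified = set()

    def start(self, username):
        # Deliver only to the address on file, never to one the caller supplies.
        dest = self.enrolled.get(username)
        if dest is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[username] = [digest, self.clock() + CODE_TTL, 0]
        self.verified.discard(username)
        self.send(dest, code)
        return True

    def check(self, username, code):
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expires, attempts = entry
        if self.clock() > expires or attempts >= MAX_ATTEMPTS:
            del self.pending[username]      # expired or too many guesses
            return False
        entry[2] += 1
        if hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest()):
            del self.pending[username]      # codes are single use
            self.verified.add(username)
            return True
        return False

    def reset_password(self, username, security_answers_ok=False):
        # Knowledge answers alone never unlock a reset.
        if username not in self.verified:
            return "DENIED"
        self.verified.discard(username)     # one reset per verification
        return "RESET_ALLOWED"
```

Correct answers to security questions are deliberately ignored by `reset_password`, so an agent under time pressure cannot skip the possession check.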

Tools such as Specops Secure Service Desk are designed specifically for Active Directory users and securely enforce caller verification instead of relying on insecure or “on paper” processes that are prone to human error.

Secure Service Desk increases security with identity verification options that range from mobile or email verification codes to fingerprint and commercial providers such as Duo Security, Okta, PingID, and Symantec VIP.

If you would like to learn more, request a personalized demo of Specops Secure Service Desk today.
