Phishing for Access: The Growing Threat to IT Support Teams
EC
Service desk employees are increasingly targeted by cybercriminals employing social engineering tactics. These attacks exploit IT support to gain unauthorized access to systems, often leading to significant operational disruptions and data breaches. Understanding these threats and implementing effective countermeasures is crucial for organizational cybersecurity.
The Threat Landscape
Social Engineering Attacks
Cybercriminals frequently impersonate legitimate employees, contacting service desks to request password resets or multi-factor authentication (MFA) changes. By providing stolen personal information, they convince support staff to grant access to systems. The Scattered Spider group has employed such tactics against major retailers like Marks & Spencer and Co-op, resulting in significant service disruptions and data theft.
AI-Driven Impersonation
Artificial intelligence has enabled attackers to clone voices, making impersonation attempts more convincing. By mimicking executives or employees, they deceive service desk agents into granting unauthorized access.
MFA Circumvention
Attackers exploit vulnerabilities in MFA processes by requesting the enrollment of new devices. This tactic has been used to hijack accounts and divert payments, particularly in the healthcare sector.

Real-Life Examples of Service Desk Exploits
MGM Resorts Breach
In September 2023, MGM Resorts experienced a cyberattack that disrupted operations across its Las Vegas establishments. The breach originated from a call to the help desk, where attackers impersonated an employee and requested a password reset. This social engineering tactic granted them unauthorized access to systems, leading to widespread outages.
Uber's MFA Fatigue Attack
In 2022, Uber fell victim to an MFA fatigue attack orchestrated by the Lapsus$ hacking group. Attackers obtained employee credentials and bombarded them with repeated MFA requests. Eventually, an employee approved one of the requests, allowing the attacker access to Uber's internal systems.
Twitter's 2020 Account Hijacking
In July 2020, multiple high-profile Twitter accounts were compromised through a coordinated social engineering attack. Attackers manipulated Twitter employees into providing access to internal tools, enabling them to hijack accounts and post scam messages.
Strengthening Service Desk Security
Implement Robust Verification Protocols
Enhance identity verification by incorporating methods beyond traditional security questions. Utilize solutions that send one-time passwords to registered devices or integrate with trusted providers like Duo Security and Okta.
Enforce Strict MFA Policies
Require that any changes to MFA settings undergo rigorous verification processes. Avoid making exceptions, even under seemingly urgent circumstances, to prevent unauthorized access.
Provide Comprehensive Training
Regularly train service desk staff to recognize and respond to social engineering attempts. Emphasize the importance of adhering to verification protocols and reporting suspicious activities.
Monitor and Audit Access Requests
Implement systems to track and review access requests and changes. Regular audits can help identify patterns indicative of malicious activities.

Conclusion
As cyber threats targeting service desks become more sophisticated, organizations must proactively bolster their defenses. By understanding the tactics used by attackers and implementing comprehensive security measures, service desks can transform from vulnerable entry points into robust lines of defense. If your company is concerned about their security posture TechHorizon Consulting can help. We can help your company to achieve cybersecurity best practices and protect from cyber-attacks. If this interests you, please visit our 'Contact Us" page.