Given the recent MGM Resorts service desk hack, organizations should reevaluate their security approach for verifying the identity of employees who contact the helpdesk. Employee accounts pose a significant risk as they can provide access to internal systems. In the MGM incident, the attackers employed vishing (voice phishing) and convincingly impersonated an MGM Resorts employee. This exploit took advantage of the service desk's lack of a robust end-user verification system, enabling the attackers to bypass security measures and gain unauthorized access. Subsequently, they escalated their privileges and deployed ransomware across the network, resulting in widespread system outages.
Helpdesk staff play a critical role in security as they are often the first point of contact for users needing assistance. However, they are also prime targets for attackers. Social engineering attacks targeting helpdesk personnel manipulate human psychology and exploit their desire to be helpful or their lack of awareness about cyber threats. The nature of helpdesk work, emphasizing rapid response, and problem-solving, can sometimes compromise security protocols as staff may feel pressured to resolve issues quickly, potentially overlooking red flags or skipping verification steps.
How to implement secure verification
1. Educate your helpdesk staff: While helpdesk staff are generally aware of basic cybersecurity risks, it's crucial to provide ongoing training to brief them on new and emerging forms of attacks. Emphasize the importance of rigorous user identity verification to maintain a robust security posture.
2. Create a supportive environment: Encourage a culture where staff feel comfortable questioning the legitimacy of requests and are supported in taking the time needed to thoroughly verify user identities.
3. Implement multi-factor authentication: Integrate a robust multi-factor authentication (MFA) system, requiring users to provide multiple forms of verification before access is granted. Choose a mixture of something the user is (biometric authentication), something the user holds (safety token or mobile phone verification) and something the user knows (PIN or passphrase). Never rely on passwords alone.
Relevance:
User Awareness Training, IT Infrastructure Security
Reference
1. Specops Software. (2024, January 8). Securing helpdesks from hackers: What we can learn from the MGM breach. BleepingComputer. https://www.bleepingcomputer.com/news/security/securing-helpdesks-from-hackers-what-we-can-learn-from-the-mgm-breach/
How can CyberForce|Q services help you address this risk?
Incident Response is a time-based situation and CyberForce|Q can assist with a potential incident in your environment. Our experienced Incident Response Team can be deployed 24x7x365 – reach out to solutions@cyberforceq.com.
Learn more about CyberForce|Q.
Comments