Security News > 2024 > March > As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims
Keen infosec watchers will remember last year that the ransomware attack at MGM Resorts was, per the attacker's own account of the situation, orchestrated by phishing an IT helpdesk worker in just the space of 10 minutes.
Red Canary says these types of attacks are usually pulled off by cybercrims phoning an organization's helpdesk while pretending to be an employee.
"The increasing prevalence of these attacks against the help desk behooves IT and security teams to place increased scrutiny on securing and properly permissioning help desk accounts, as adversaries are clearly keen on abusing them to reset the passwords and MFA registrations of high-value accounts," the report reads.
Researchers continue to see cases of helpdesk staff being imitated by attackers to phish other employees - a role reversal to the aforementioned trend.
Working under the guise of a perceived sense of legitimacy, trustworthiness, and authority, attackers can request access and multi-factor authentication codes from users which can then be used to hijack accounts.
As the rise in helpdesk phishing attacks shows, they can't be relied upon solely and almost always have some way to circumvent them.