Cloud organizations are now protected from service desk impersonation attacks with stronger authentication methods
Today, Specops Software, an Outpost24 company and leading provider of password and identity management solutions, has announced that its Specops Secure Service Desk for Cloud now supports native Entra ID, including on-premises and hybrid, enabling cloud-based organizations to verify the identity of callers to the service desk using stronger authentication methods that minimize the risk for user impersonation. Currently Microsoft does not offer built-in identity verification for users contacting the service desk. Specops Secure Service Desk solves this problem by verifying users when they contact the service desk, now including cloud-only environments.
“Cybercriminals have significantly stepped up their game in targeting service desks to gain access to corporate networks leading to loss of revenue and erosion of brand loyalty and reputation,” said Omri Kletter, Chief Product Officer at Outpost24. “That’s why it is more critical than ever that all organizations, whether cloud, hybrid, or on-prem-based, arm themselves with the most powerful tools to protect against these kinds of attacks.”
In recent months, many high-profile organizations, including British retailer Marks and Spencers (M&S), have been targeted in sophisticated social engineering attacks that specifically target service desk agents. The “Scattered Spider” threat group, thought to be behind the attack on M&S, as well as the 2023 MGM Resorts hack, has repeatedly demonstrated that the service desk is a prime social engineering target that can cause a lot of disruption for organizations. The M&S attack, for example, is thought to have led to an estimated $402 million profit hit for the retailer, with some customer data stolen. As a result, the UK’s National Cyber Security Centre has specifically urged organizations to review and harden their help-desk password reset workflows to stop similar manipulations before they can escalate into full-blown ransomware or extortion events, with other government cyber organizations globally likely to follow suit.
Verifying the identity of callers to the service desk is just as critical for cloud-only customers as it is for on-prem organizations. An organization’s service desk agents need reliable tools to verify the ID of callers, for the following reasons:
- Remote and hybrid working drives increased call volumes: If users are still calling the service desk with problems, service desk agents are at risk of social engineering.
- Digital transformation adoption outpaces user training: Fighting against sophisticated and quickly evolving social engineering tactics is a complex task if service desk agents are not supported with the right tools.
- Service desks are an easier avenue of attack than passwords: Threat actors know it’s easier to attack the service desk than crack strong passwords or bypass MFA – this attack route won’t disappear.
- Evolving tactics aided by artificial intelligence (AI): Deepfakes and social media reconnaissance can render traditional verification methods ineffective.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!