Securing helpdesks from hackers: What we can learn from the MGM breach – Source: www.bleepingcomputer.com

In the wake of the MGM Resorts service desk hack, it’s clear that organizations need to rethink their approach to security, particularly when it comes to verifying the identity of employees contacting the helpdesk.

Employee accounts are of paramount concern as they can provide access to internal systems.

In this article, we’ll explore how you can prevent such incidents in your organization and ensure that your helpdesk is a stronghold of security.

A look at the MGM breach

Before we dive into prevention strategies, let’s briefly recap the MGM Resorts service desk hack. The attackers employed sophisticated social engineering tactics, specifically vishing (voice phishing), to manipulate the service desk personnel.

They meticulously researched and impersonated an MGM Resorts employee using information gathered from LinkedIn, creating a convincing facade to deceive the helpdesk staff. 

This initial breach was facilitated by the absence of a robust end-user verification system at the service desk, allowing the attackers to bypass security measures and gain unauthorized access.

Then, the attackers swiftly escalated their privileges within the network, eventually acquiring administrator rights. This elevation in access allowed them to deploy ransomware across the MGM Resorts’ network, causing widespread system outages and operational disruptions.

The role of secure verification at the helpdesk

Helpdesk staff are on the frontline when it comes to security. They are often the first point of contact for users needing assistance with password resets or account lockouts. However, this also makes them a prime target for attackers looking to gain unauthorized access.

Psychological play of social engineering

Social engineering attacks, particularly those targeting helpdesk personnel, are meticulously crafted to manipulate human psychology. Attackers often employ tactics that create a sense of urgency, appeal to the staff’s desire to be helpful, or exploit their potential lack of awareness about sophisticated cyber threats.

Helpdesk staff, in their role to provide prompt and efficient service, may inadvertently become more susceptible to these manipulative strategies.

Speed over security

The nature of helpdesk work, which emphasizes rapid response and problem-solving, can sometimes lead to a compromise in security protocols. Staff may feel pressured to resolve issues quickly, potentially overlooking red flags or skipping essential verification steps. 

How to implement secure verification

To fortify your organization’s helpdesk against potential cyber threats, you need a holistic strategy that integrates technological solutions and addresses human factors.

1. Educate your helpdesk staff

While helpdesk staff are generally aware of basic cybersecurity risks, it’s crucial to provide ongoing training to brief them on new and emerging forms of attacks. Emphasize the importance of rigorous user identity verification to maintain a robust security posture.

2. Create a supportive environment

Encourage a culture where staff feel comfortable questioning the legitimacy of requests and are supported in taking the time needed to thoroughly verify user identities.

3. Implement multi-factor authentication

Integrate a robust multi-factor authentication (MFA) system, requiring users to provide multiple forms of verification before access is granted. Choose a mixture of something the user is (biometric authentication), something the user holds (safety token or mobile phone verification) and something the user knows (PIN or passphrase). Never rely on passwords alone.

4. Integrate Specops Secure Service Desk

Shift towards a more secure verification process for Active Directory users by adopting solutions like Specops Secure Service Desk.

This approach minimizes the dependency on security questions, offering more secure user verification methods using authentication services such as Duo Security, Okta, PingID, Symantec VIP, and more. It ensures that only verified individuals can request critical actions such as password resets or account unlocks.

5. Evaluate risk context of each request

Evaluate the risk context of each helpdesk request. Secure Service Desk can help enforce verification of higher risk requests like account lockouts and password resets

6. Secure communication channels

Ensure that all communications between the helpdesk and users occur over encrypted channels. Utilize secure protocols such as TLS for email and voice communications to prevent eavesdropping and man-in-the-middle attacks.

7. Conduct regular security audits and penetration testing

Regularly audit your helpdesk and user verification processes to identify and mitigate potential vulnerabilities. Employ penetration testing to simulate social engineering attacks and assess the resilience of your helpdesk staff and security protocols. Address any protocol laxity immediately. 

Building a stronghold of security

The MGM Resorts service desk hack serves as a stark reminder of the importance of secure verification processes at the helpdesk level. Organizations should immediately move away from the reliance on security questions as cybercriminals have discovered too many techniques to exploit that method.

Specops Secure Service Desk ensures a stringent verification process for all Active Directory users, confirming their status as authorized employees prior to initiating any password resets or account unlocks. This system fortifies your helpdesk’s security protocols, removing insecurities or manual verification methods.

Utilizing an MFA-based strategy ensures that the verification process creates a formidable barrier against potential attackers.

Take the first step towards a more secure helpdesk and protect your organization’s sensitive information – contact Specops today to implement Secure Service Desk in your environment.

Sponsored and written by Specops Software.