As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims

IT helpdesk workers are increasingly the target of cybercriminals – a trend researchers have described as "the most noteworthy" of the past year. It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing …

  1. ecofeco Silver badge
    Facepalm

    So many things wrong here

    I... Christ, WTF?

    Help-desk should NEVER have user account control. That's why there are Levels. In many places not even Level 3 has that kind of access. User account should be an entirely separate team under the purview of security or system admin. With attendant MFA.

    I have not worked anywhere for years where help-desk has that kind of authority.

    I can see this mistake being made at very, very small organizations, but medium to large businesses? Are they effing kidding?

    Next, user control changes require a ticket. Which again, is assigned to security or system admin. Who should know why the account is having problems. And ANY elevation of access (if requested) cannot be granted without a manager's sign off.

    Good god, WTF are those organizations doing?!

    But back to the topic: help-desk should never have user access control and a ticket should ALWAYS be generated for the issue. And some kind of MFA, even verbal, should be de facto.

    1. ChoHag Silver badge

      Re: So many things wrong here

      Helldesk staff are not permitted to change user accounts. That does not mean they're not able. Attackers want access, not authority.

      I have not worked anywhere, ever, from startup to global corporation to government, that has demonstrated the necessary level of competence.

      1. hedgie

        Re: So many things wrong here

        It wasn't internal helpdesk, but rather the technical support line for customers, but I'm rather glad that the issue I had a couple of years ago when my phone's actual phone/SMS capabilities got disabled, the tier 1 tech I spoke to did her best to troubleshoot, and quickly escalated. And yes, the issue was in a system that she wasn't allowed to see and the higher level support fixed it in about a minute. I'm very glad that their systems are set up so that front-line staff can't get into the serious stuff.

      2. ecofeco Silver badge
        Pint

        Re: So many things wrong here

        Yep. I've seen it as well.

        Hence my rant. And my drinking problem.

  2. johnrobyclayton

    Helpdeskers are disciplined to be helpful

    First step in most social engineering attacks is to look for someone who wants to be helpful in some way.

    Hold the door please.

    I forgot my pass, can you help me?

    I am lost can you tell me where blah is?

    People on helpdesk are trained and expected to be helpful

    People on service desks are meant to be of service.

    Makes them a big fat juicy attack surface.

    1. Pascal Monett Silver badge

      Re: Helpdeskers are disciplined to be helpful

      Meant to be helpful, yes. Stupid, no.

      I have trouble understanding how this is supposed to work. Every company I work for has a helpdesk, obviously. The phone number is internal. It is not posted on the Internet. Yes, it is accessible from outside once you know it, but you won't find it in the phone book. Curiously, companies I deal with do not post their Helpdesk number in the Yellow Pages - I wonder why.

      Second point, most organizations I work with do not allow users administrative access to their computers. You might manage to get control, by a miracle and a magic wand, but you're still stuck in user space. You can't install anything. The few companies I deal with that leave me a computer with an admin account are companies I cannot work with remotely, and the helpdesk drone knows me by face and name. Someone tries to pose as me by phone ? I wish him good luck.

      In short, this whole story stinks of incompetence and lack of proper procedures at the highest levels. There are none of my clients - and I don't work for Fortune 1000 companies - that appear to me to be subject to this kind of shenanigans.

      1. katrinab Silver badge
        Alert

        Re: Helpdeskers are disciplined to be helpful

        The user account is good enough to get confidential data though.

      2. Dimmer Silver badge

        Re: Helpdeskers are disciplined to be helpful

        My guys are trained to verify the user. Someone wants a vpn, the contact for that biz gets a call.

        Users:

        please close or minimize all important documents - including porn sites before you call us for remote assist. We can see both screens by the way.

        Also, please don’t store nude pictures of your wife and your girlfriend on the drive you want repaired. We really don’t want to know you that well.

        1. ChoHag Silver badge

          Re: Helpdeskers are disciplined to be helpful

          > My guys are trained to verify the user.

          > Also, please don’t store nude pictures of your wife and your girlfriend on the drive you want repaired. We really don’t want to know you that well.

          But in the other hand that's rock hard verification.

      3. johnrobyclayton

        Re: Helpdeskers are disciplined to be helpful

        Not all helpdesks are internal.

        Providers of software products usually provide a support desk for their software product users.

        Dozens of software products,

        Dozens of companies that are users of said products.

        Several configurations of product deployments on prem, customer managed cloud, company managed cloud, web, various flavours of remote application.

        Dozens of users per customer site.

        The mandated desire to maintain a good customer experience/satisfaction score.

        Closely managing any instinct to be helpful is necessary in such an environment to avoid security vulnerabilities.

        Does not help when customers complain about problems arising from them getting ransom wared every other week and they still do not make sufficient efforts in Disaster Recovery.

        Our internal IT seems to be somewhat paranoid about security issues and training. They could stand to do a lot more.

    2. Anonymous Coward

      Re: Helpdeskers are disciplined to be helpful

      > People on helpdesk are trained and expected to be helpful

      I take it you've never had to deal with any large(r) corporation in the past oh, say, 10 years.

    3. vtcodger Silver badge

      Re: Helpdeskers are disciplined to be helpful

      > Helpdeskers are disciplined to be helpful

      Although I am quite skeptical of many of the claims made for AI, help desks being helpful is one problem that I am confident AI will put an end to. (Whether an AI agent pretending to be a helpful human can be persuaded to dump your entire database in response to an innocuous looking query from a user is a somewhat different issue.)

      1. Yet Another Anonymous coward Silver badge

        Re: Helpdeskers are disciplined to be helpful

        I need to setup MFA app on my phone ?

        Full instructions are on the intranet

        How do I access the intranet ?

        You need to enter the code from the authentication app on your phone

        Thank you for using BloodyStupid(tm) the new AI assistant from Sirius Cybernetics Corporation Complaints division

        Share and Enjoy !

        1. Yet Another Anonymous coward Silver badge

          Re: Helpdeskers are disciplined to be helpful

          And that would still be more helpful than my actual helpdesk who would tell me to file a support ticket.

          Then close the ticket cos I had selected reason='security' when I should have selected 'access permissions' then when I open a new ticket close it because I should have selected 'security'

  3. HandleBaz

    Okta is an access management tool

    Seems like some people here didn't really read the article, or aren't aware of the context.

    Okta is an access management solution.

    The type of account targeted is the administrator account. A high value account that can give access to other things.

    Local admin or no, doesn't matter if you can just delegate the Okta account you just created all the access you want.

    Even if they have some mechanism to stop you from infecting everything with malware, you can just give yourself access to production systems and steal secrets, or approve bogus invoices.
