Helpdesk Telephone Attack: How to Close Process and Technology Gaps

Introduction


As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press surrounding these most recent events alludes to helpdesk operators’ roles in the exploits, this type of vulnerability is actually a technology and process problem rather than a people problem. The most effective way to defend against this type of attack is to understand the adversarial perspective. That is, consider how attackers approach each hurdle they encounter when contacting a helpdesk, and refine your organization’s process and technology to mitigate any weaknesses. This blog covers common Tactics, Techniques & Procedures (TTPs) that many Red Teams, including ours, use to compromise high-value assets through exploitation of helpdesk procedures.


The Attack Surface


To state the obvious, the purpose of a helpdesk is to be helpful. This mission, along with the excessive privileges helpdesk operators often wield, can be a recipe for major security incidents. Attackers are able to exploit process and technology weaknesses given helpdesk operators’ need to do their job. We will delve more deeply into this in our Enumeration section.






When considering a helpdesk organization as an attack surface to exploit, some aspects of the approach depend on the size and maturity of the company. Some companies have heroic small teams, and others have established, well-formalized global teams with a modern technology stack. However, regardless of the size and complexity of the organization, almost all incorporate multiple ways in whi ..
