The holiday season is, unfortunately, a time of increased risk and vulnerability for businesses and organizations. Cyberattacks tend to spike during the holidays, as hackers take advantage of the reduced security measures, increased online activity, and heightened pressure that characterize this period. Service desks are prime targets for hackers.
Why?
Consumer Online Spending Increases
People tend to spend more during the holiday season, and they increasingly do so online. On Black Friday 2022, consumers spent $9.2 billion online, a 2.3 percent year-over-year increase. With this level of activity, companies have a lot more consumer data on hand, which means hackers have that much more valuable data to steal.
Consumer data can include personal information, such as names, addresses, phone numbers, email addresses, and credit card numbers, as well as behavioral data, such as browsing history, purchase history, preferences, and interests. This data can be used by hackers for various purposes, such as identity theft, fraud, phishing, spamming, or selling to other malicious actors.
To protect consumer data, companies need to implement strong encryption, authentication, and authorization mechanisms, as well as monitor and audit their data flows and transactions. They also need to educate their customers on how to spot and avoid phishing emails, fake websites, and other scams that may try to trick them into revealing their sensitive information.
Service Desks Are Not Fully Staffed
During the holidays, service desks may be understaffed and under pressure. There may be fewer people available to respond to threats and the service desk employees who are there may be too busy dealing with requests to stay vigilant against threats.
Service desks are responsible for providing technical support and assistance to end users, as well as maintaining and troubleshooting the IT infrastructure and systems of the organization. They are often the first line of defense against cyberattacks, as they can detect, contain, and resolve incidents before they escalate and cause more damage.
However, during the holidays, service desks face several unique challenges:
- Increased workload: Service desks may receive more requests and calls from end users who are experiencing issues or need help with their devices, applications, or accounts. This can overwhelm the service desk staff and reduce their response time and quality.
- Reduced staff: Service desks may have fewer staff members available, as some may take time off or work remotely during the holidays. This can create gaps in the service desk coverage and increase the risk of missing or delaying critical alerts or incidents.
- Lowered alertness: Service desks may have lower levels of alertness and attention, as they may be distracted by the festive mood, personal matters, or fatigue. This can impair their ability to spot and react to suspicious or malicious activities or behaviors.
To overcome these challenges, service desks need to plan ahead and prepare for the holiday season. They need to allocate sufficient resources and staff, as well as implement backup and contingency plans. They also need to train and educate their staff on how to identify and respond to cyberattacks, as well as how to protect themselves and their devices from being compromised.
Companies Have No Emergency Plan for an Increase in Cyberattacks
Many companies also may not have strategies in place to address the escalation of holiday cyberattacks. Compared to how they could respond to an attack that occurs during a regular weekday, companies will take much longer to analyze, stop or recover from one that occurs during the busy holiday season.
Cyberattacks can have severe consequences for companies, such as:
- Loss of data: Cyberattacks can result in the loss or corruption of data, which can affect the operations, performance, and reputation of the company. Data loss can also lead to legal liabilities, regulatory fines, or customer lawsuits.
- Loss of revenue: Cyberattacks can disrupt the business processes, transactions, and services of the company, which can affect the revenue and profitability of the company. Cyberattacks can also damage the brand image and customer loyalty of the company, which can affect the long-term growth and sustainability of the company.
- Loss of trust: Cyberattacks can erode the trust and confidence of the stakeholders of the company, such as employees, customers, partners, suppliers, investors, and regulators. This can affect the collaboration, communication, and innovation of the company.
To mitigate these consequences, companies need to have a comprehensive and effective emergency plan for dealing with cyberattacks. They need to establish a clear and consistent incident response process, as well as assign roles and responsibilities to the relevant teams and individuals. They also need to communicate and coordinate with their internal and external stakeholders, as well as report and disclose the incident to the appropriate authorities.
Companies Are More Likely to Pay Ransom
Companies may opt to pay ransoms quickly to stop the ransom amounts from increasing and to not lose any more business. Ransomware is a type of malware that encrypts the data or systems of the victim and demands a ransom for the decryption key. Ransomware attacks have become more prevalent and sophisticated in recent years, as hackers use various techniques to evade detection, spread infection, and increase pressure.
Some of the factors that may influence the decision to pay ransom are:
- Urgency: Companies may feel the urgency to restore their data or systems as soon as possible, especially if they are critical for their operations or customers. They may also fear that the ransom amount will increase over time, or that the hackers will delete or leak their data if they do not pay.
- Uncertainty: Companies may not have the confidence or capability to recover their data or systems without the decryption key, especially if they do not have adequate backups or security measures. They may also not know the identity or credibility of the hackers, or whether they will honor their promise to provide the decryption key after receiving the payment.
- Cost: Companies may calculate the cost of paying the ransom versus the cost of not paying the ransom, and decide that the former is more economical or feasible. They may consider the direct and indirect costs of the ransomware attack, such as the loss of revenue, productivity, reputation, and trust, as well as the potential legal, regulatory, or contractual penalties.
However, paying ransom is not a guarantee of getting the data or systems back, and it may also encourage more ransomware attacks in the future. Therefore, companies should avoid paying ransom, and instead focus on preventing, detecting, and responding to ransomware attacks. They should implement robust security policies and practices, such as updating and patching their software, encrypting and backing up their data, and educating and training their staff. They should also have a contingency plan and a recovery strategy in case of a ransomware attack.
For hackers, all these factors create an ideal situation for launching service desk attacks. For example:
- JBS, the world’s largest meat supplier, shut down production when it was hacked during Memorial Day weekend in May of 2021. The company paid $11 million in ransom to the hackers, who claimed to be part of a Russian cybercrime group called REvil.
- At the beginning of the July 4th weekend in 2021, hackers targeted U.S. technology firm Kaseya, hitting hundreds of companies around the world with ransomware. The hackers demanded $70 million in ransom for a universal decryption tool, but later lowered the price to $50 million.
- In March 2022, a Microsoft employee’s account was compromised with a call to the service desk, which allowed hackers to steal code from Bing, Bing Maps and Cortana. The hackers claimed to be part of a Chinese hacking group called Hafnium, and used the stolen code to launch further attacks on Microsoft’s customers and partners.
Why the Service Desk is a Prime Holiday Cyberattack Target
The service desk is typically the first point of contact for end users who are unable to log in to their account or access needed company resources. The service desk can perform or facilitate critical, high-risk functions such as resetting passwords, creating new accounts (including administrative accounts) or eliminating multi-factor authentication for users who have been locked out of their accounts.
This capability of bypassing security policies is a double-edged sword: While serving as the first line of defense against hackers and point of contact for employees, the service desk also serves as a back door to your network through social engineering.
Social engineering is the art of manipulating people into performing actions or divulging information that they normally would not. Hackers use various techniques, such as impersonation, deception, persuasion, or intimidation, to exploit the human factor of the service desk and gain access to the network or data.
Common Attacks Involving the Service Desk
- Vishing or Voice Phishing: Hackers will impersonate service desk support to con end-users into providing not only their passwords, but also their two-factor authentication information. They can also compromise accounts by sending alerts to targets that claim their device has been infected and that they must contact the service desk to fix the issue. For example, in 2020, hackers used vishing to breach Twitter and gain access to the accounts of several high-profile celebrities, politicians, and businesses.
- Ransomware: Hackers will use the service desk as a vector to deliver ransomware to the network or devices of the organization. They can either trick the service desk staff into opening a malicious attachment or link, or impersonate a legitimate user and request the service desk to install or run a malicious program. For example, in 2019, hackers used ransomware to attack the city of Baltimore, and demanded $76,000 in ransom. The hackers claimed to have used the service desk’s remote access tool to infect the city’s network.
- Social Engineering for Password Resets: Hackers will research employees who have personal information online and on social media to gain answers to security questions, and then impersonate a legitimate user and request a password reset from the service desk. If it is an administrative account, they can perform actions such as elevating privileges or removing two-factor authentication protection for other accounts. These actions allow them to move laterally across the company’s networks and conduct further attacks. For example, in 2021, hackers used social engineering to breach the service desk of MGM Resorts and access the personal data of 10.6 million guests, including celebrities and government officials.
- Spear Phishing: Hackers will target specific individuals or groups within the organization, such as executives, managers, or IT staff, and send them customized emails that appear to be from a trusted source, such as a colleague, a partner, or a vendor. The emails will contain a malicious attachment or link, or ask for sensitive information, such as credentials, financial details, or confidential documents. The hackers will use the holiday season as a pretext or a lure, such as offering a gift card, a discount, or a donation. For example, in 2019, hackers used spear phishing to attack the United Nations, and sent emails that claimed to be from the UN’s World Health Organization, asking for donations to fight the coronavirus pandemic.
How to Protect the Service Desk from Holiday Cyberattacks
The service desk is a vital component of the organization’s security posture, and it needs to be protected from holiday cyberattacks. Here are some of the best practices that can help the service desk to prevent, detect, and respond to cyberattacks:
- Implement a strong authentication and authorization policy: The service desk should require multiple factors of authentication, such as passwords, tokens, or biometrics, to verify the identity of the end users and the service desk staff. The service desk should also limit the access and privileges of the service desk staff, and enforce the principle of least privilege, which means that they should only have the minimum level of access and permissions that they need to perform their tasks.
- Educate and train the service desk staff and the end users: The service desk should provide regular and updated education and training to the service desk staff and the end users on how to recognize and avoid cyberattacks, such as phishing, vishing, ransomware, and social engineering. The service desk should also create and distribute awareness campaigns and materials, such as posters, flyers, or newsletters, that highlight the common signs and indicators of cyberattacks, and the best practices and tips to prevent them.
- Monitor and audit the service desk activities and incidents: The service desk should monitor and audit the service desk activities and incidents, such as the requests, calls, emails, chats, tickets, and logs, and look for any anomalies, patterns, or trends that may indicate a cyberattack. The service desk should also use tools and technologies, such as antivirus, firewall, intrusion detection and prevention systems, and security information and event management systems, to detect and block any malicious or suspicious activities or behaviors.
- Report and escalate any suspected or confirmed cyberattacks: The service desk should report and escalate any suspected or confirmed cyberattacks to the relevant authorities and stakeholders, such as the security team, management, the legal department, and law enforcement. The service desk should also follow the incident response plan and procedures, and cooperate with the investigation and recovery efforts.
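The authentication and monitoring practices above can be combined into a single audit pass over service desk tickets. The following is an added example, not part of the original article: it flags the high-risk functions the article names (password resets, MFA removal, administrative account creation) when identity verification was weak, when the action fell in a reduced-staffing window, or when two different high-risk actions hit the same account in quick succession. The log format, field names, holiday window, and 30-minute threshold are all assumptions.

```python
from datetime import datetime, timedelta

# High-risk service desk functions named in the article.
HIGH_RISK = {"password_reset", "mfa_removal", "admin_account_create"}
# Assumption: reduced-staffing window for this deployment, [start, end).
HOLIDAY_WINDOWS = [(datetime(2023, 11, 23), datetime(2023, 11, 27))]
CHAIN_WINDOW = timedelta(minutes=30)  # assumption: tune per environment
# Security questions can be answered from public research, so they do not count.
WEAK_FACTORS = {"security_question"}

# Constructed sample log: time|agent|account|action|verification factors
SAMPLE_LOG = """\
2023-11-21T10:02|agent7|jdoe|password_reset|callback,manager_approval
2023-11-24T02:14|agent3|asmith|password_reset|security_question
2023-11-24T02:31|agent3|asmith|mfa_removal|security_question
2023-11-24T09:40|agent5|bwong|software_install|callback
2023-11-25T16:05|agent5|svc-admin2|admin_account_create|callback,manager_approval
"""

def parse(log):
    """Turn pipe-delimited ticket lines into event dicts."""
    events = []
    for line in log.strip().splitlines():
        ts, agent, account, action, factors = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "agent": agent,
                       "account": account, "action": action,
                       "factors": set(factors.split(",")) - {""}})
    return events

def audit(events):
    """Return (account, action, reasons) for each high-risk action needing review."""
    findings, last = [], {}  # last: account -> previous high-risk event
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] not in HIGH_RISK:
            continue
        reasons = []
        if len(e["factors"] - WEAK_FACTORS) < 2:
            reasons.append("weak_verification")
        if any(start <= e["ts"] < end for start, end in HOLIDAY_WINDOWS):
            reasons.append("holiday_window")
        prev = last.get(e["account"])
        if prev and prev["action"] != e["action"] and e["ts"] - prev["ts"] <= CHAIN_WINDOW:
            reasons.append("chained_high_risk")
        last[e["account"]] = e
        if reasons:
            findings.append((e["account"], e["action"], reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE_LOG)):
        print(finding)
```

A holiday-window flag on its own is a prompt for a second reviewer rather than an incident; the combination of weak verification and a chained reset plus MFA removal is the pattern worth escalating.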
The holiday season is a time of increased risk and vulnerability for cyberattacks, as hackers take advantage of the reduced security measures, increased online activity, and heightened pressure that characterize this period. The service desk is a prime target for hackers, as it can perform or facilitate critical, high-risk functions, such as resetting passwords, creating new accounts, or eliminating multi-factor authentication. Hackers use various techniques, such as impersonation, deception, persuasion, or intimidation, to exploit the human factor of the service desk and gain access to the network or data. To protect the service desk from holiday cyberattacks, the service desk needs to implement a strong authentication and authorization policy, educate and train the service desk staff and the end users, monitor and audit the service desk activities and incidents, and report and escalate any suspected or confirmed cyberattacks. By doing so, the service desk can enhance its security posture and resilience, and ensure a safe and happy holiday season for the organization and its customers.