CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Service Desk Exploited as Attack Vector by Social Engineering

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Threat actors are increasingly targeting service desks to gain unauthorized access to enterprise systems. Social engineering tactics, often employed by groups like Scattered Spider, exploit help desk agents to reset passwords and gain full domain access. Recent incidents, such as those at MGM Resorts and Clorox, highlight the significant impact of successful social engineering attacks. The primary defense against these attacks is to shift user verification from agent discretion to a formal, security-owned workflow. This approach reduces the burden on agents and ensures consistent, logged, and enforced verification processes.

Timeline

  1. 02.10.2025 17:00 1 articles · 1h ago

    Service Desk Exploited as Attack Vector by Social Engineering

    Threat actors are increasingly targeting service desks to gain unauthorized access to enterprise systems. Social engineering tactics, often employed by groups like Scattered Spider, exploit help desk agents to reset passwords and gain full domain access. Recent incidents, such as those at MGM Resorts and Clorox, highlight the significant impact of successful social engineering attacks. The primary defense against these attacks is to shift user verification from agent discretion to a formal, security-owned workflow. This approach reduces the burden on agents and ensures consistent, logged, and enforced verification processes.

    Show sources

Information Snippets