Several cyberattacks on major British retailers including Marks & Spencer, the Co-op Group, and others have been attributed to social engineering, the practice of deceiving internal support teams by impersonating legitimate employees to deceive internal support teams. It has been reported that the attackers contacted the companies’ IT help desks and posed convincingly as employees seeking immediate assistance.
Using trust and urgency as a basis, they were able to persuade help desk employees to reset passwords for internal accounts, giving them unauthorised access to sensitive corporate information. Using this technique, attackers could potentially gain access to sensitive data, internal communications, and systems that may be used to further exploit or steal data, as it bypasses traditional technical safeguards.
Once inside the networks, the attackers could potentially gain access to confidential data, internal communications, and systems that could be used for further exploitation.
According to the UK’s National Cyber Security Centre (NCSC), in light of these developments, all organisations should conduct a thorough review of their authentication procedures for help desks.
According to the UK’s National Cyber Security Centre (NCSC), in light of these developments, all organisations should conduct a thorough review of their authentication procedures for help desks.
As social engineering attacks are becoming increasingly sophisticated and difficult to detect, NCSC stresses the importance of implementing strict identity verification methods and training employees to recogn
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: