不要让你的帮助台成为网络攻击的切入点.pdf

1、12024 RSA Security LLC or its affiliates.All rights reserved.Dont Let Your Help Desk Become an Entry Point for Cyberattacks22024 RSA Security LLC or its affiliates.All rights reserved.Todays SpeakerCISORobert Hughes32024 RSA Security LLC or its affiliates.All rights reserved.Audience Poll Have you e

2、ver worked as part of a Help Desk Team?42024 RSA Security LLC or its affiliates.All rights reserved.Attack vector:Tricking the help desk April 2024 US Health Department warns that hackers are targeting help desks September 2023 MGM SEC 8-K filing-USD$100 million impact Caesars Palace-USD$15 million

3、ransom paid 3 other companies hit with similar attacks March 2022 LAPSUS$DEV-0537-attack against Microsoft to get source codeHelp Desks Targeted52024 RSA Security LLC or its affiliates.All rights reserved.Impersonate an Employee Target the Help DeskAttacker may have credentials or some access alread

4、yMay have intel on the employee they are impersonatingLikely target:Get around MFA Multi-Factor Authentication Talk Help Desk into disabling MFA for admin account Talk Help Desk into changing/allowing a new false authenticatorPlan:Get deeper into the networkHelp Desk Attack VectorsImpersonate the He

5、lp Desk Target an employeePre-MFA-extract credentials Post-MFA trick user to complete MFA response,or share MFA info One Time Passwords62024 RSA Security LLC or its affiliates.All rights reserved.Still on targetFeeling its AgeNew Context Call logging,ticketing/proactively identifying possible red fl

6、ags Escalation to supervisor External authentication/remote user guidance Ensure secure and clear business processes Use of MFA techniques Corporate phone systems Focus on IPSec VPNs Focus on hardware/hard tokens Ubiquitous MFA AI and Deepfakes Prevalence of remote users in the post-COVID era Smartp