Specops adds Entra ID support to Secure Service Desk

Specops Software has announced that its Specops Secure Service Desk for Cloud now supports native Entra ID, extending identity verification to on-premises and hybrid environments for cloud-based organisations.

The update enables service desk agents to use enhanced authentication methods to verify the identity of callers, strengthening protection against user impersonation. Microsoft currently does not provide built-in identity verification for requests made to the service desk. Specops Secure Service Desk addresses this gap by offering a verification system that is now also available to cloud-only organisations.

"Cybercriminals have significantly stepped up their game in targeting service desks to gain access to corporate networks leading to loss of revenue and erosion of brand loyalty and reputation. That's why it is more critical than ever that all organizations, whether cloud, hybrid, or on-prem-based, arm themselves with the most powerful tools to protect against these kinds of attacks," said Omri Kletter, Chief Product Officer at Outpost24.

Recent months have seen a rise in sophisticated social engineering attacks on service desks at major organisations, including British retailer Marks and Spencers (M&S). Security experts believe the "Scattered Spider" group was responsible for the attack on M&S, as well as for the 2023 MGM Resorts breach. In the case of M&S, the incident reportedly led to a USD $402 million profit impact and resulted in some customer data being compromised. These incidents have highlighted the service desk as a preferred target for attackers seeking to exploit human vulnerabilities.

The UK's National Cyber Security Centre has responded by urging organisations to reinforce their help-desk password reset procedures to prevent manipulations from escalating into larger ransomware or extortion campaigns. There is an expectation that other government cybersecurity agencies will issue similar recommendations globally.

According to Specops Software, the need for reliable identity verification tools at the service desk is driven by several factors. The rise of remote and hybrid working has increased call volumes to service desks, which heightens the risk of social engineering attempts.

Organisations embracing digital transformation at a rapid pace may find it challenging to keep user training synchronised with the evolving sophistication of cyber threats. Service desk agents are often at the frontline of such attacks but may lack the necessary technology to defend against them without solutions like those now offered by Specops.

Certain attack routes remain notably more attractive to cybercriminals than direct password attacks.

"Threat actors know it's easier to attack the service desk than crack strong passwords or bypass MFA – this attack route won't disappear," the company noted.

Additionally, advances in artificial intelligence, such as the creation of deepfakes and enhanced social media reconnaissance, can render standard verification procedures less effective, further highlighting the need for robust solutions.

Specops Secure Service Desk offers multiple verification options for users contacting the service desk, including mobile and email codes, as well as integration with commercial authentication services such as Duo Security, Okta, Symantec VIP, PingID, and YubiKey. Technical enforcement ensures that service desk agents cannot move forward with a caller's request unless the authentication is completed through the platform. The software also integrates with a range of identity services and ticketing systems, including ServiceNow and Jira.

The enhanced Specops Secure Service Desk is now available for organisations using Entra ID exclusively, as well as for those with on-premises or hybrid environments.