Holiday season cyber threats: Is your service desk prepared?

Cybercriminals strategically time their attacks for when cyber defenses are most vulnerable. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noticed a significant increase in ransomware attacks against US companies during holidays and weekends. For instance, in May 2021 (Mother’s Day weekend), hackers infected the IT system of a critical US enterprise (Colonial Pipeline) in the energy sector with DarkSide ransomware, leading to the suspension of fuel supplies to many cities for one week.    

When hackers are looking to launch a social engineering attack, like tricking a service desk employee with a fake password reset request, it’s no different. Holidays are a chance for workers in some industries to take downtime and recharge their batteries while customer demand is reduced. For others, it’s their busiest time of the year – with demand rising while staffing is strained due to public holidays or vacations. Cybercriminals know these scenarios offer opportunities to catch service desk employees off guard.    

Why are organizations more susceptible to cyberattacks during holidays? 

Organizations are considered to be more susceptible to cyberattacks at weekends and during holidays – especially service desks. There are a few reasons this is the case:  

Reduced staff 

Most enterprises operate with fewer employees during holiday time and weekends. Service staff could be on vacation, and temporary employees may be less skilled in technical security matters, making them easier targets for cybercriminals. This puts the remaining team members under pressure to quickly resolve customer/employee enquiries, which can lead them to miss potential security risks and leave them prone to social engineering attacks.

Many also allow their service desk staff to work remotely during holiday periods, making them more isolated and easier social engineering targets. If employees are using their own devices from home, the risks are amplified further. 

Time constraints 

Whether due to staff shortages or increased demand, service desk staff can become flooded with large numbers of support tickets and enquiries from both employees and customers. In organizations with weaker security processes, this increases the chances they might bypass the enforced security measures to save time, such as resetting passwords without proper identification of the caller.  

Year-end pressure 

Most companies close their financial year during Christmas. This activity requires handling data and files between employees, which can also introduce more attack points for threat actors to exploit. In addition, the increased number of customers making purchases online during holidays will mean more customer data (both personal and payment) is held within online retailers’ IT systems. This makes them more lucrative targets for cybercriminals looking to steal that data.

Service desk attacks to watch out for  

These are the most common ways your service desk employees could become compromised: 

Social engineering  

Social engineering covers a wide range of cyber-attacks, but the common theme is an attacker tricking a victim into willingly helping them achieve their goal. Hackers will attempt to deceive service desk staff by pretending to be authorized employees or vendors to gain unauthorized access to protected resources. A good example is the attack against Electronic Arts (EA Games) in 2021, where attackers were able to access the IT environment and steal sensitive user information by tricking an employee over Slack into providing a login token.

Social engineering attacks are not limited to those conducted via the internet. For instance, hackers are using phone calls to deceive service desk employees into revealing sensitive information. Hackers impersonated an MGM Resorts employee via a phone call and convinced a service desk agent to give them account access. The attack was successful because MGM Resorts didn’t have a system to enforce end-user verification at the service desk, leaving them wide open to social engineering. 


Phishing

Phishing is a type of social engineering tactic that uses email spoofing to trick victims into disclosing sensitive information or downloading malware. Attackers send messages pretending to be from a trusted source like your bank or work colleague. These emails convince unaware users to click malicious links or share private data. For instance, around the holidays, cybercriminals may craft phishing emails with holiday themes that appear to offer gift cards from upper management. If service desk staff, or other employees, click these fake gift redemption links, malware could be downloaded onto their work devices without their knowledge.

Threat actors can leverage Open-Source Intelligence (OSINT) tools and techniques to harvest information about service desk staff to craft customized attacks against them. For instance, by collecting some personal information about target service desk employees’ social activities from their social media profiles, attackers can craft more convincing spear-phishing emails and aim to compromise an agent’s account. 

Credential stuffing 

Service desk personnel may sometimes reuse the same password to protect multiple accounts. This is a bad security practice that carries serious risk for organizations. Threat actors could leverage stolen credentials of one account found in dark web repositories to gain access to the target service desk employee’s business account. For example, a service desk agent might be reusing their work password for every single online shop during the holiday period – it only takes one of those sites to become compromised.

Tips to keep your service desk employees safe 

It’s essential to enforce best cybersecurity practices among your service desk staff and use the latest tools to maintain your organization’s security. Here are the most significant tips to keep your service desk staff safe: 

  • Cybersecurity training: Ongoing training of service desk staff will enable them to improve their ability to detect phishing attacks, avoid malware infection and become more vigilant to avoid falling victim to other types of social engineering attacks. Nevertheless, while ongoing security awareness training can help, cyber threats constantly evolve and attacks will inevitably get past humans as a last line of defense.  
  • Access controls: This includes security policies, procedures and tools used to secure access to protected resources. The most important procedure to apply in this context is to implement the principle of least privilege to ensure that support staff have only the required access to do their duties and nothing more. Then if they were to become compromised, an attacker is limited in the damage they can do. 
  • Improve your password reset procedure: Instead of calling service desk employees to reset users’ passwords, organizations can empower employees to securely reset passwords themselves. Specops uReset allows employees to independently reset their Active Directory passwords and update their locally cached credentials securely without requiring a VPN connection. This reduces password reset interactions with the service desk and prevents social engineering scenarios seen with the MGM Resorts hack.
  • Better verification of end users: Specops Secure Service Desk enables service desks to enforce secure user verification using different methods, such as sending a one-time passcode to the mobile number associated with the user’s account or using other authentication services such as Duo Security, Okta, PingID, and Symantec VIP to verify callers. This added layer of defense can thwart social engineering attempts. 
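
The enforced caller verification described in the last tip can be sketched as follows. This is an added example, not Specops code: `VerificationGate`, its methods, the policy constants and the `send_sms` callable (standing in for an SMS gateway) are all hypothetical names chosen for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 300   # assumed policy values, not taken from the article
MAX_ATTEMPTS = 3

class VerificationGate:
    """Hypothetical service desk gate: no reset without a verified passcode."""

    def __init__(self, directory, send_sms, clock=time.time):
        self.directory = directory   # username -> mobile number on file
        self.send_sms = send_sms     # callable(number, message), assumed gateway
        self.clock = clock
        self.pending = {}            # username -> [code_hash, expires_at, attempts_left]
        self.verified = set()

    def start(self, username):
        # Send only to the number on file, never to one the caller supplies.
        number = self.directory.get(username)
        if number is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[username] = [digest, self.clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self.verified.discard(username)
        self.send_sms(number, f"Service desk verification code: {code}")
        return True

    def check(self, username, code):
        entry = self.pending.get(username)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[username]   # expired or locked out: start again
            return False
        entry[2] -= 1                    # every guess consumes an attempt
        if hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest()):
            del self.pending[username]   # passcode is single use
            self.verified.add(username)
            return True
        return False

    def reset_password(self, username, agent):
        # The agent cannot skip verification, however busy the queue is.
        if username not in self.verified:
            raise PermissionError(f"{agent}: caller for {username} is not verified")
        self.verified.discard(username)  # one verification authorizes one reset
        return f"reset ticket issued for {username} by {agent}"
```

Because the refusal lives in `reset_password` rather than in agent discretion, a rushed or understaffed shift cannot waive the check.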

Protect your service desk this holiday season 

The risks posed by cyberattacks targeting service desk employees highlight the need for continued vigilance, especially during holidays and weekends. While cybercriminals seek to exploit vulnerabilities when defenses are perceived to be lower, proactive prevention and early threat detection must remain priorities year-round. Speak to us today to see how uReset and Secure Service Desk could fit in with your organization.  

(Last updated on December 5, 2023)


Written by

Marcus White

Marcus is a Specops cybersecurity specialist based in the UK. He’s been in the B2B technology sector for 8+ years and has worked closely with products in email security, data loss prevention, endpoint security, and identity and access management.
