LIVE · cybersecurity feed
aihigh

3 Ways AI Powers Service Desk Attacks and How to Prevent Them

zeroday.news·3h ago

Artificial intelligence is becoming a significant tool for attackers targeting service desks, as highlighted by IBM's 2025 Cost of a Data Breach Report, which found AI used in 16% of breaches. These attacks often leverage AI for sophisticated phishing and deepfake impersonation, aiming to bypass technical security controls by manipulating service desk agents. The onboarding process is particularly vulnerable due to the inherent need for new employees to gain rapid access while their identities are not yet fully established within the organization.

Attackers are using AI to make impersonation attempts more convincing. Generative AI can quickly produce polished emails, chat messages, and call scripts that mimic legitimate communications. In more advanced scenarios, AI-generated voice or video can be used to impersonate employees, making it exceedingly difficult for service desk agents to discern real requests from fraudulent ones. This is especially problematic during onboarding, where attackers can pose as new hires and exploit the expected access issues to push through malicious requests.

AI also significantly accelerates the reconnaissance phase, enabling attackers to gather and personalize information more effectively. By scraping public sources like LinkedIn, company websites, and social media, threat actors can gather details about new employees, their roles, departments, and even the internal tools they will use. AI then helps weave this information into believable narratives, making malicious requests appear routine and increasing the likelihood of quick approval.

The scalability of service desk attacks is another area where AI provides a considerable advantage. Attackers can use AI to generate numerous variations of phishing emails and pretexts, allowing them to test and adapt their social engineering campaigns rapidly. This ability to scale and adapt makes it harder for service desks, which are designed for speed, to differentiate genuine tasks from persistent, urgent-sounding malicious requests.

To combat these AI-enabled threats, a shift from relying solely on agent judgment under pressure to implementing specialized security solutions is necessary. Securing the onboarding process, a high-risk period for service desks, is paramount. Solutions that provide robust identity verification tools empower agents to confidently validate users and protect credentials.

One key preventive measure is secure password delivery during onboarding. Instead of sending sensitive credentials via insecure channels like SMS or email, organizations can utilize secure enrollment links. This approach allows new hires to create their own strong passwords, eliminating the risk of interception during transit from the service desk.

Biometric liveness detection offers another layer of defense against impersonation. Traditional identity checks, such as answering security questions, are increasingly vulnerable to information sourced online. Liveness detection ensures that a real person is present during verification, effectively countering static images, recordings, masks, or deepfakes, which is crucial for remote onboarding scenarios.

Finally, verifying identity rigorously before sensitive service desk actions are performed is critical. Actions like resetting privileged account passwords should trigger enhanced checks, including biometric liveness detection, to provide high assurance of the request's legitimacy and its association with the correct account. This ensures agents can make trust decisions with greater confidence, moving away from assumed trust to verified identity.

aiservice desksocial engineeringidentity verificationonboarding
← Back to latest

More News

view all →
zeroday.news · 3h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 3h ago·high

Bug in top AI coding agents shows that Unix-era security headaches never really die

A vulnerability dubbed "GhostApproval" has been discovered in at least six popular AI coding assistants, allowing them to access files outside their designated workspaces and potentially execute remote code. The flaw exploits symbolic links, a long-standing security issue, to trick agents into writing malicious content, such as SSH keys, to sensitive system files. While some vendors have patched the issue and assigned CVEs, others have downplayed the risk or are yet to release fixes.

zeroday.news · 2h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 2h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 3h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 3h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.