Keypoints
- Attackers target service desks because they can reset passwords and MFA.
- Scattered Spider used impersonation to breach major UK retailers.
- Silent Ransom Group posed as IT support to trick employees.
- Service desk attacks often begin with reconnaissance and spoofed identities.
- Defenses include strict verification, limited privileges, and monitoring.