Deceptive Help Desk Responses

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0012 Personas, EAC0015 Information Manipulation

Name of Element: Deceptive Help Desk Responses

Description of Element:

Goal: Disrupt attacker attempts to gain information or access through help desk impersonation.

Approach: Training help desk personnel to provide deceptive responses to suspicious inquiries.

Train help desk personnel to identify and respond to social engineering attempts with deceptive information, delays, or redirects to security teams. This can disrupt attacker reconnaissance, frustrate their efforts, and buy time for incident response.

Technical Context:

This element requires careful planning and training to ensure that legitimate requests are still handled effectively. This aligns with the MITRE ATT&CK technique T1588.001 (Obtain Capabilities: Code Signing Certificates).

Other:

Combine this with deceptive call routing or automated responses to further deter attackers.

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense