Help Desk Hoax: How Attackers Bypass Tech Defenses

Team Cymru's Thomas on Social Engineering, Insider Threats and Supplier Compromise Mathew J. Schwartz (euroinfosec) • June 10, 2025

Social engineering attacks against major British retailers including M&S, Co-op and Harrods have exposed critical vulnerabilities in corporate cybersecurity defenses, costing companies tens or hundreds of millions of pounds across the U.K.

See Also: How Generative AI Enables Solo Cybercriminals

The attacks typically begin with threat actors calling IT help desks to reset employee credentials, said Will Thomas, senior threat intelligence advisor at Team Cymru. Once inside corporate networks, attackers move laterally through systems to reach hypervisors hosting thousands of virtual machines. This approach bypasses traditional security controls because endpoint detection software can't monitor hypervisors or detect socially engineered credential theft.

"These online cyberattacks have real-world implications and disruption," Thomas said. "Once the adversary is in, they can then pivot to virtualized infrastructure, across the identity plane, and get ...