As organizations increase their coverage of multifactor authentication
(MFA), threat actors have begun to move to more sophisticated
techniques to allow them to compromise corporate resources without
needing to satisfy MFA. Recently, the Microsoft Detection and Response
Team (DART) has seen an increase in attackers utilizing token theft
for this purpose. By compromising and replaying a token issued to an
identity that has already completed multifactor authentication, the
threat actor satisfies the validation of MFA and access is granted to
organizational resources accordingly. This poses to be a concerning
tactic for defenders because the expertise needed to compromise a
token is very low, is hard to detect, and few organizations have token
theft mitigations in their incident response plan.
https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/