Collection: Latest insights and cybersecurity resources
Token Theft Part 2 - Defensive
Defenders should focus on users who trigger multiple alerts in quick succession, for example a risky sign-in followed closely by indicators of persistence techniques such as mailbox rule creation.
Two detection sources are particularly helpful for detecting and alerting on token theft attacks: Azure Active Directory Identity Protection and Microsoft Defender for Cloud Apps.
Token Theft Part 1 - Offensive
An increasing number of cyber-attacks employ techniques to bypass multi-factor authentication (MFA), giving criminals access to corporate networks while leaving security teams with limited ability to detect these threats.