Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.
November 21, 2022
Threat actors are stealing authentication tokens already verified by multifactor authentication (MFA) to breach organizations' systems.
A new alert from the Microsoft Detection and Response Team (DART) said token theft for MFA bypass is particularly dangerous because it requires little technical expertise to pull off, it's tough to detect, and most organizations haven't considered token theft as part of their incident response plan. And as employees increasingly access systems through personal devices, security controls are weaker and malicious activity is hidden from the security team's view.
Full visibility into devices reduces token theft risk, but DART concedes that's difficult with so many unmanaged devices accessing the network. For unmanaged devices, the team recommends conditional access policies and strong controls.
"As far as mitigations go, publicly available open-source tools for exploiting token theft already exist, and commodity credential theft malware has already been adapted to include this technique in their arsenal," DART added in its blog post about the MFA workaround. "Detecting token theft can be difficult without the proper safeguards and visibility into authentication endpoints."