microsoft-warns-of-rise-in-stolen-cloud-tokens-used-to-bypass-mfa

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA

Threat actors are stealing authentication tokens already verified by multifactor authentication (MFA) to breach organizations’ systems. 

A new alert from Microsoft Detection and Response Team (DART), said token theft for MFA bypass is particularly dangerous because it requires little technical expertise to pull off, it’s tough to detect, and most organizations haven’t considered token theft as part of their incident response plan. And as employees increasingly access systems through personal devices, security controls are weaker and malicious activity is hidden from the security team’s view. 

Full visibility into devices reduces token theft risk, but DART concedes that’s difficult with so many unmanaged devices accessing the network. For unmanaged devices, they recommend conditional access policies and strong controls. 

“As far as mitigations go, publicly available open-source tools for exploiting token theft already exist, and commodity credential theft malware has already been adapted to include this technique in their arsenal,” DART added in its blog post about the MFA workaround. “Detecting token theft can be difficult without the proper safeguards and visibility into authentication endpoints.” 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related News

Top 6 Cell Phone Tracker Apps for Parental Control

Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure…
Moses Staff Hackers Publish Footage of Jerusalem Explosion

Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the…
Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares…