Microsoft has detected a 111% year-over-year increase in token replay attacks, and incidents are continuing to grow. In token replay attacks, attackers steal tokens – authentication artifacts that grant users access to resources – commonly via malware or adversary-in-the-middle (AiTM) attacks, and then replay the token from somewhere else to impersonate users and access their data.
While token theft constitutes fewer than 5% of all identity compromises, Microsoft expects threat actors to continue using this technique, especially since it allows attackers to circumvent protection measures like multi-factor authentication (MFA).
In this blog post, Microsoft provides details on the mechanics of tokens, the token theft attack chain, and how Microsoft protects customers against token theft through token binding. We also provide recommendations for a systematic defense-in-depth approach to counter token theft attacks:
#Microsoft #Vulnerabilities #TechITNews
While token theft constitutes fewer than 5% of all identity compromises, Microsoft expects threat actors to continue using this technique, especially since it allows attackers to circumvent protection measures like multi-factor authentication (MFA).
In this blog post, Microsoft provides details on the mechanics of tokens, the token theft attack chain, and how Microsoft protects customers against token theft through token binding. We also provide recommendations for a systematic defense-in-depth approach to counter token theft attacks:
#Microsoft #Vulnerabilities #TechITNews