Questions regarding tokens/sessions maliciously created during Phishing

Jeb-6568 40 Reputation points
2024-03-21T14:44:55.2466667+00:00

Hello,

I have a few questions related to phishing attacks that steal creds/create sessions for a threat actor:

  • If a threat actor steals a token/creates a malicious session using a cred proxy, can they keep refreshing it themselves?
  • Fastest way to kill a suspected stolen token/malicious session (is there a lag)?
  • Does a password reset kill all sessions?

Thanks!

Windows 10 Security
Microsoft Intune Security

Accepted answer
  1. Jing Zhou 4,670 Reputation points Microsoft Vendor
    2024-03-25T08:12:17.6633333+00:00

    Hello,

    Thank you for posting in the Q&A forum.

    Yes, the session can be kept and refreshed even if the password is changed.

    From a network aspect, once you detect any suspicious IP address you can prevent the session by blocking the IP address. Otherwise, you need to check if there are any security measures for your application (e.g. Microsoft Defender for Office 365 can safeguard your organization against malicious).

    To help other customers who may be facing the same issue, please don't forget to vote if the reply is helpful.

    Best regards,

    Jill Zhou
