Questions regarding tokens/sessions maliciously created during Phishing

Jeb-6568 60 Reputation points
2024-03-21T14:44:55.2466667+00:00

Hello,

I have a few questions related to phishing attacks that steal creds/create sessions for a threat actor:

  • If a threat actor steals a token/creates a malicious session using a cred proxy, can they keep refreshing it themselves?
  • Fastest way to kill a suspected stolen token/malicious session (is there a lag)?
  • Does a password reset kill all sessions?

Thanks!


Accepted answer
  1. Jing Zhou 7,770 Reputation points Microsoft External Staff
    2024-03-25T08:12:17.6633333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Yes, the session can be kept and refreshed even if the password is changed.

    From a network aspect, once you detect any suspicious IP address you can prevent the session by blocking the IP address. Otherwise, you need to check if there are any security measures for your application (e.g. Microsoft Defender for Office 365 can safeguard your organization against malicious).

    To help other customers who may be facing the same issue, please don't forget to vote if the reply is helpful.

    Best regards,

    Jill Zhou
