Case :
UB6.C3 Generate tokens
UB6.C4.K1 Users authenticate with SMS
Protection :
UB6.C3.P1 Use tokens with short lifespans or implement token rotation strategies.
UB6.C3.P2 Implement a process to detect and revoke compromised tokens as soon as possible.
UB6.C3.P3 Store tokens in secure storage solutions, such as environment variables, a key management service or secure vaults.
UB6.C4.K1.P1 Avoid using SMS as the primary form of 2FA.
Threat :
UB6.C3.T1 Long-lived tokens that are not rotated regularly increase the risk of misuse if they are compromised.
UB6.C3.T2 If a token is compromised and not immediately revoked, unauthorized access can continue.
UB6.C3.T3 Storing tokens in plain text can expose them to unauthorized access.
UB6.C4.K1.T1 Cybercriminals can send fake verification codes or request real codes sent by legitimate services.
– KQL Queries –
UB1.C1.K1.T1 – Send personal or confidential Data
UB1.C7.T1 – Unauthorised user access to restricted or sensitive information over the delegated mailbox