Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
5 Days |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
An administrator has disabled Multi-Factor Authentication for Google Workspace users.
Attacker's Goals
Gain access to Google Workspace accounts with disabled MFA. Exploit Google Workspace accounts with weaker security. Steal sensitive data from Google Workspace accounts.
Investigative actions
- Check the MFA settings for the Google Workspace users.
- Identify the users who have MFA disabled and investigate the reason for it.
- Check the security log to see if there have been any suspicious activities in the account.