Excessive disruption of Slack user sessions via invalidation
Description
AlphaSOC detected an excessive number of Slack user session invalidations. This activity involves the repeated termination of active user sessions within the Slack workspace.
Impact
Adversaries may disrupt user sessions to interrupt the availability of Slack, causing significant disruption to business operations. This tactic can force legitimate users to repeatedly re-authenticate, leading to productivity loss, communication delays, and inability to access critical information when needed.
Severity
| Severity | Condition |
|---|---|
| Medium | Excessive disruption of Slack user sessions via invalidation |
Investigation and Remediation
Investigate the source of these session invalidations by reviewing Slack audit logs and identifying the account responsible for initiating these actions. Revoke the permissions of the suspected compromised account and perform a thorough security assessment of the environment for other signs of compromise.
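
One way to carry out the audit-log review described above, as an added example that is not AlphaSOC's detection logic: it counts session invalidations per initiating account in a sliding window over entries exported from the Slack audit logs. The action names, the entry layout (`date_create`, `actor.user.id`, `entity.user.id`, `context.ip_address`), the window, the threshold and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: action names that record a session invalidation in the export;
# adjust to the values present in your own audit log data.
INVALIDATION_ACTIONS = {"user_session_invalidated", "user_session_reset_by_admin"}
WINDOW_SECONDS = 600  # assumed look-back window
THRESHOLD = 5         # assumed count that qualifies as "excessive"

def excessive_invalidators(entries, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {actor_id: {"peak", "targets", "ips"}} for each account whose
    invalidations inside any sliding window reach the threshold."""
    by_actor = defaultdict(list)
    for e in entries:
        if e.get("action") not in INVALIDATION_ACTIONS:
            continue
        actor = e.get("actor", {}).get("user", {}).get("id", "unknown")
        target = e.get("entity", {}).get("user", {}).get("id", "unknown")
        ip = e.get("context", {}).get("ip_address", "unknown")
        by_actor[actor].append((e["date_create"], target, ip))

    findings = {}
    for actor, events in by_actor.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[actor] = {
                "peak": peak,
                "targets": sorted({t for _, t, _ in events}),
                "ips": sorted({ip for _, _, ip in events}),
            }
    return findings

def _entry(ts, action, actor, target, ip):
    return {"date_create": ts, "action": action,
            "actor": {"type": "user", "user": {"id": actor}},
            "entity": {"type": "user", "user": {"id": target}},
            "context": {"ip_address": ip}}

# Constructed sample: one account resets six sessions in under four minutes,
# another resets two sessions hours apart, plus an unrelated login event.
SAMPLE = [_entry(1700000000 + 40 * i, "user_session_reset_by_admin", "U0ADMIN1",
                 f"U0USER{i}", "203.0.113.7") for i in range(6)] + [
    _entry(1700000100, "user_session_reset_by_admin", "U0ADMIN2", "U0USER9", "198.51.100.4"),
    _entry(1700009000, "user_session_reset_by_admin", "U0ADMIN2", "U0USER8", "198.51.100.4"),
    _entry(1700000050, "user_login", "U0USER1", "U0USER1", "192.0.2.10")]

if __name__ == "__main__":
    print(excessive_invalidators(SAMPLE))
```

The returned account IDs are the candidates for permission revocation, and the listed targets and source addresses scope the follow-up assessment.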