Threat: Password Spraying

[nathand99]

Attempted to login to the Mythical Mysfits site but failed to remember password. Repeated attempts either successful/unsuccessful

Possible mediation:

• Send an email alert to the account owner
• Collate important information such as source IP, http agent and time
• Cloud watch pattern detection for 403 /login response
• Send a message to WAF to block the IP address of the attacker

[nathand99]

I turned on Advanced Security on Cognito which uses adaptive authentication to add protections against sign-in attempts that are rated as higher risk such as coming from an unrecognized location or device. See more: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html This will alert the user if there are logins (successful or unsuccessful) which are deemed risky by the adaptive authentication.