comp9447-team4 / soar

The main repository for comp9447-team4

Threat: Multiple Sign Ins #80

Open nathand99 opened 3 years ago

nathand99 commented 3 years ago

If the account was logged in from two different geographical locations or devices

Possible remediation:

nathand99 commented 3 years ago

I attempted to fix this by putting a Lambda trigger on post-authentication where, if the device being used to log into Mythical Mysfits is new (has not been used before to log in to this account), an email would be sent to the user letting them know.

However, when testing this, I found that Cognito did this automatically (after I turned on Advanced Security on Cognito as part of #79 Threat: Password Spraying) as it detects an account takeover.
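For reference, here is what the post-authentication trigger described in this comment can look like, as an added example that is not code from the soar repository or from the issue author. It relies on the real `request.newDeviceUsed` flag that Cognito sets on the post-authentication event when the user pool remembers devices, and, as an assumption not taken from the issue, on the app passing its own `deviceId` in `request.clientMetadata` as a fallback fingerprint. The seen-device store and the mailer are injected stand-ins (a dict and a recording list) so the logic runs offline; in a deployment they would be a DynamoDB table and an SES `send_email` call.

```python
"""Added example (not from the soar repo): Cognito post-authentication trigger
that emails the user when a sign-in comes from a device not seen before on the
account. The store and mailer are stand-ins so this runs without AWS."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

POST_AUTH_TRIGGER = "PostAuthentication_Authentication"  # real Cognito triggerSource value
SUBJECT = "New device sign-in to your Mythical Mysfits account"


@dataclass
class SeenDeviceStore:
    """In-memory stand-in for a per-user table of device ids (DynamoDB in production)."""
    devices: Dict[str, Set[str]] = field(default_factory=dict)

    def is_new(self, username: str, device_id: str) -> bool:
        return device_id not in self.devices.get(username, set())

    def remember(self, username: str, device_id: str) -> None:
        self.devices.setdefault(username, set()).add(device_id)


@dataclass
class RecordingMailer:
    """Stand-in for SES: records (to, subject, body) instead of sending."""
    sent: List[Tuple[str, str, str]] = field(default_factory=list)

    def send(self, to: str, subject: str, body: str) -> None:
        self.sent.append((to, subject, body))


def _client_device_id(event: dict) -> str | None:
    # 'deviceId' in clientMetadata is an assumed app-supplied key, not a Cognito field.
    return (event.get("request", {}).get("clientMetadata") or {}).get("deviceId")


def is_new_device(event: dict, store: SeenDeviceStore) -> bool:
    """True if Cognito flagged a new device, or our own store has never seen this id."""
    request = event.get("request", {})
    if request.get("newDeviceUsed") is True:  # set by Cognito when devices are remembered
        return True
    device_id = _client_device_id(event)
    if not device_id:
        return False  # nothing to fingerprint with, so do not guess
    return store.is_new(event.get("userName", ""), device_id)


def handle_post_authentication(event: dict, store: SeenDeviceStore, mailer: RecordingMailer) -> dict:
    """Lambda body: notify on a new device, then return the event unchanged (Cognito requires it)."""
    if event.get("triggerSource") != POST_AUTH_TRIGGER:
        return event
    username = event.get("userName", "")
    email = event.get("request", {}).get("userAttributes", {}).get("email")
    new_device = is_new_device(event, store)  # decide before recording this device
    device_id = _client_device_id(event)
    if device_id:
        store.remember(username, device_id)
    if new_device and email:
        body = (f"Hi {username}, your account was just signed into from a device we have "
                f"not seen before. If this was not you, change your password now.")
        mailer.send(email, SUBJECT, body)
    return event


def make_event(username: str, email: str, device_id: str | None = None,
               new_device_used: bool = False) -> dict:
    """Constructed sample event in the shape of Cognito's post-authentication trigger."""
    return {
        "version": "1",
        "triggerSource": POST_AUTH_TRIGGER,
        "userName": username,
        "callerContext": {"clientId": "example-app-client"},  # constructed value
        "request": {
            "userAttributes": {"email": email, "email_verified": "true"},
            "newDeviceUsed": new_device_used,
            "clientMetadata": {"deviceId": device_id} if device_id else {},
        },
        "response": {},
    }


def demo() -> int:
    """Three sign-ins for one user: laptop, same laptop again, then a new phone."""
    store, mailer = SeenDeviceStore(), RecordingMailer()
    for dev in ("laptop-1", "laptop-1", "phone-7"):
        handle_post_authentication(make_event("alice", "alice@example.com", dev), store, mailer)
    return len(mailer.sent)  # 2: the first-ever sign-in and the new phone


if __name__ == "__main__":
    print("emails sent:", demo())
```

Note that the very first sign-in counts as a new device; seeding the store at sign-up avoids that. The SES point raised later in this thread applies to the mailer: while the sending identity is in the SES sandbox, mail only goes to verified addresses, so the trigger appears to work in testing and silently reaches nobody else until production access is granted.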

nathand99 commented 3 years ago

[image: the notification email received from Cognito]

This is the email I received. The email address is mine, which I linked with SES. The problem I was having with the Lambda function was that my email that I linked with SES (the one that sent this email) is "sandboxed", and there is a process where it needs to be approved.

If Cognito sends this email, then if my Lambda function were to work, 2 almost identical emails would be sent about the new device login, so I think this email sent from Cognito does the job.