Overview
This article will explain the ACSIA alert called "login attempt from an unauthorized location".
Explaining the login attempt from an unauthorized location
"Login attempt from an unauthorized location" refers to a login or access request to a computer system, network, or application that originates from a location or source that is not considered trustworthy or legitimate. The system classifies the source as an unauthorized location based on predefined criteria, such as an approved IP address range or a recognized physical location, and does not allow the login attempt to proceed any further.
Example of a "login attempt from an unauthorized location" attack:
Let's consider a company with a secure internal network used by its employees. To enhance security, the company's IT team has set up a Virtual Private Network (VPN) that employees must use to access the network remotely from outside the office. The VPN requires employees to log in with their credentials and, once authenticated, they can access the company's resources securely.
An attacker wants to gain unauthorized access to the company's network and the valuable data it contains. They somehow manage to steal an employee's login credentials through a phishing email.
With the stolen credentials, the attacker attempts to log in to the company's VPN from their own location, which is outside the company's authorized office network. The system detects this login attempt as originating from an unauthorized location since it doesn't match the pre-approved IP address range or physical location associated with the company's employees.
ACSIA alerts you when a login to your infrastructure is attempted from an unauthorized location.
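The approved-IP-range check described above, as an added example that is not ACSIA's code or detection logic: it parses OpenSSH-style log lines and reports every login attempt, failed or successful, whose source address falls outside the approved networks. The networks, host name, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumed allowlist (documentation ranges standing in for approved networks).
AUTHORIZED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")
]

# Constructed sample lines in OpenSSH auth-log style; not real data.
SAMPLE_LOG = """\
Mar  4 09:12:01 vpn01 sshd[811]: Accepted password for alice from 192.0.2.44 port 50122 ssh2
Mar  4 09:13:37 vpn01 sshd[812]: Failed password for alice from 203.0.113.9 port 41790 ssh2
Mar  4 09:13:52 vpn01 sshd[813]: Accepted password for alice from 203.0.113.9 port 41802 ssh2
Mar  4 09:15:10 vpn01 sshd[820]: Failed password for invalid user admin from 2001:db8:ffff::5 port 60000 ssh2
Mar  4 09:16:00 vpn01 sshd[821]: Accepted publickey for bob from 2001:db8:10::7 port 50500 ssh2
Mar  4 09:17:00 vpn01 sshd[822]: Failed password for bob from not-an-ip port 1 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def is_authorized(src):
    """True only if src parses as an IP address inside an approved network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # fail closed on hostnames or malformed values
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in AUTHORIZED_NETWORKS)


def find_unauthorized_logins(log_text):
    """Return (user, source, result) for each attempt from outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and not is_authorized(m["src"]):
            alerts.append((m["user"], m["src"], m["result"]))
    return alerts


if __name__ == "__main__":
    for user, src, result in find_unauthorized_logins(SAMPLE_LOG):
        print(f"ALERT unauthorized location: user={user} src={src} result={result}")
```

An "Accepted" entry in the result means valid credentials were used from an unapproved source, which is the stolen-credential scenario in the example above and warrants a higher priority than a failed attempt.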