
IP Restrictions: Your Only Real Defence

    • 28 posts
    September 18, 2025 03:46:33 ART

    This is what makes this attack so dangerous: It won't help even if you have multi-factor authentication enabled. As far as the system is concerned, if someone gets your session cookie, they are already "authenticated."
    The only effective defense against session hijacking is IP restriction. Even if your session is stolen, the attacker cannot use those stolen credentials if their IP address does not match your approved list.

    “But Managing Static IPs Is Too Complicated”

    The majority of MSPs get stuck here. They are aware of the issue, but they haven't implemented IP restrictions on RMM tools and PSA software since they are concerned about the infrastructure.
    SASE (Secure Access Service Edge) platforms are the answer, and it's easier than you may imagine. Regardless of where they are working, your technicians' computers will always originate from the same IP addresses.
    Having that backup alternative is the key. You still have your backup IP address in case your primary SASE solution experiences problems.

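The per-request check described in the post above, as an added example that is not part of the original post or of any RMM/PSA product: a session cookie is honoured only when the connection comes from an allowlisted egress address, with a primary and a backup entry. The addresses (documentation ranges), the cookie value, the user name and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed values: documentation-range addresses stand in for the
# primary and backup SASE egress IPs; the session store is a plain dict.
ALLOWED_EGRESS = [
    ipaddress.ip_network("203.0.113.10/32"),   # primary SASE egress (assumed)
    ipaddress.ip_network("198.51.100.20/32"),  # backup egress (assumed)
]
SESSIONS = {"s3ss10n-c00k13": "tech01"}  # cookie -> user, login and MFA already done


def normalize(peer: str):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def ip_allowed(peer: str) -> bool:
    """peer must be the TCP peer address seen by the server (or set by a
    trusted proxy), never a client-supplied header such as X-Forwarded-For."""
    try:
        addr = normalize(peer)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(addr.version == net.version and addr in net
               for net in ALLOWED_EGRESS)


def authorize(cookie: str, peer: str):
    """Return (user, reason). The IP check runs on every request, not only at
    login, so a replayed cookie is refused although the session is valid."""
    user = SESSIONS.get(cookie)
    if user is None:
        return None, "unknown session"
    if not ip_allowed(peer):
        return None, "valid session from non-allowlisted IP"
    return user, "ok"


if __name__ == "__main__":
    # Same cookie presented from the primary egress, the backup egress
    # (as an IPv4-mapped IPv6 peer), and an address outside the allowlist.
    for peer in ("203.0.113.10", "::ffff:198.51.100.20", "192.0.2.77"):
        print(peer, authorize("s3ss10n-c00k13", peer))
```

The "valid session from non-allowlisted IP" result is also worth logging and alerting on, since it means a live session cookie was presented from somewhere other than the approved egress addresses.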