The cookie theft: How are hackers bypassing two-factor authentication with cookies?

According to a report by Sophos, "cookie theft" is one of the latest techniques attackers use to get past login credentials and reach private databases. As a precaution, the report advises organizations to move their sensitive information to the cloud.

Multifactor authentication (MFA) is another safety measure, but it is not a complete one. Attackers have found a way to collect the cookies a browser holds after a successful login; according to Digital Trends, they "replicate" these cookies to take over active or recent web sessions. Because the cookie is issued after the password and MFA step have already been completed, presenting it again stands in for both.

Cookie theft gives attackers a way into many online tools and services, according to Digital Trends. Cookies can be stolen through browsers, web-based applications and web services, or by malware delivered in infected emails and ZIP attachments. Since nearly every site relies on cookies, stealing them is an effective and hard-to-notice practice.

Cookies therefore let bad actors into systems despite the safety protocols that are in place. Sophos identifies Emotet as cookie-stealing malware that targets the Chrome browser, going after stored logins and payment card information.

The Emotet botnet can collect login details even though Chrome encrypts its stored credentials, and even when multifactor authentication is enabled. Ransomware groups collect cookies as well.

A basic anti-malware solution cannot detect this activity "because they use legitimate executables, both those that are already present and those that are introduced as tools," according to eSecurity Planet. Cybercriminals can gather cookies in large numbers, and eSecurity Planet notes that some of them also buy stolen credentials on underground marketplaces.

Lapsus$ replicated the username and password of an EA employee. After gaining access to the company's networks, the extortion group stole 780 gigabytes of data, including game source code and graphics engine source code.

The stolen data was then used to extort EA. In March, Lapsus$ also breached Nvidia's database. According to reports, the login information of over 70,000 employees might have been compromised, and in addition to those employee logins the group gathered 1TB of data.

That data included schematics, drivers, and firmware. There is no confirmation, however, that cookie theft was behind this breach. Software-as-a-service products such as AWS, Azure, and Slack are attractive targets: an attacker first obtains basic access to login details and then expands from there, and that initial access typically comes from tricking users into downloading malware or sharing sensitive information.

Digital Trends notes that these services tend to run persistently, and their session cookies expire so rarely that a stolen cookie stays usable for a long time. Sophos recommends that users regularly clear their cookies to limit this exposure, although doing so means reauthenticating every time.
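The session replay mechanism described earlier, and the expiry and reauthentication trade-off in this paragraph, shown in a toy server-side session store. This is an added example, not code from the article, Sophos or Digital Trends; the two store classes, the lifetime values and the client fingerprint scheme are my own assumptions. The naive store accepts a stolen cookie from any client indefinitely. The hardened one adds an absolute lifetime and an idle timeout, checks that the cookie is presented by the client that earned it, and on a mismatch revokes the session and raises an alert, so the real user has to pass password and MFA again:

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed policy values for the hardened store (not from the article).
ABSOLUTE_LIFETIME = 8 * 3600   # seconds: re-authenticate at least once per shift
IDLE_TIMEOUT = 30 * 60         # seconds: a cookie unused for 30 minutes is dead


@dataclass
class Session:
    user: str
    issued_at: float
    last_seen: float
    client_fp: str  # fingerprint of the client that passed password + MFA


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Bind a session to the /24 prefix and User-Agent seen at login (assumed scheme).
    Malware that copies the cookie and replays it from another host or a scripted
    client will not reproduce this value."""
    prefix = ".".join(ip.split(".")[:3])
    return hashlib.sha256(f"{prefix}|{user_agent}".encode()).hexdigest()


def set_cookie_header(token: str, max_age: int = ABSOLUTE_LIFETIME) -> str:
    """Attributes that stop theft by page script and cross-site requests.
    They do nothing against malware reading the browser's cookie store on disk."""
    return f"session={token}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Lax"


class NaiveSessionStore:
    """Issues a cookie after password + MFA and never asks who presents it."""

    def __init__(self):
        self.sessions = {}

    def login(self, user, password_ok, mfa_ok, now):
        if not (password_ok and mfa_ok):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now, now, client_fp="")
        return token

    def authenticate(self, token, now):
        s = self.sessions.get(token)
        return s.user if s else None  # MFA happened once; the cookie is proof forever


class HardenedSessionStore:
    """Same login flow, but every request re-checks lifetime, idle time and client."""

    def __init__(self):
        self.sessions = {}
        self.alerts = []  # what a SOC would forward to its SIEM

    def login(self, user, password_ok, mfa_ok, now, ip, user_agent):
        if not (password_ok and mfa_ok):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now, now, client_fingerprint(ip, user_agent))
        return token

    def authenticate(self, token, now, ip, user_agent):
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s.issued_at > ABSOLUTE_LIFETIME or now - s.last_seen > IDLE_TIMEOUT:
            del self.sessions[token]
            return None
        if not hmac.compare_digest(s.client_fp, client_fingerprint(ip, user_agent)):
            # Cookie presented from a different client: treat as replay, revoke,
            # and force the real user back through password + MFA.
            self.alerts.append(f"possible session replay for {s.user} from {ip}")
            del self.sessions[token]
            return None
        s.last_seen = now
        return s.user


def demo():
    """Constructed scenario: the victim logs in, malware exfiltrates the cookie."""
    t0 = 1_700_000_000.0
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
    thief_ip, thief_ua = "198.51.100.7", "python-requests/2.31"

    naive = NaiveSessionStore()
    tok = naive.login("alice", True, True, t0)
    naive_replay = naive.authenticate(tok, t0 + 86400)  # a day later, from anywhere

    hard = HardenedSessionStore()
    tok = hard.login("alice", True, True, t0, victim_ip, victim_ua)
    legit = hard.authenticate(tok, t0 + 60, victim_ip, victim_ua)
    replay = hard.authenticate(tok, t0 + 120, thief_ip, thief_ua)   # rejected, alert raised
    after = hard.authenticate(tok, t0 + 180, victim_ip, victim_ua)  # session already revoked
    return naive_replay, legit, replay, after, list(hard.alerts)
```

Calling `demo()` returns `("alice", "alice", None, None, [...])`: the naive store honours the stolen cookie a day later, while the hardened store rejects the replay, logs an alert naming the attacker's address, and makes the victim reauthenticate. Binding to a /24 prefix rather than the exact IP is a deliberate trade-off between catching replays from another network and not logging users out every time a mobile carrier moves them between addresses; the right granularity depends on the user population.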
