Hackers stealing cookies

@ 2022/08/23
Bypass multi-factor authentication

Hackers are stealing cookies from current or recent web sessions to bypass multi-factor authentication.

A Sophos report said that the attack method is growing and the "cookie-stealing cybercrime spectrum" ranges from "entry-level criminals" to advanced adversaries.

Cybercriminals collect cookies or buy stolen credentials "in bulk" on dark web forums. Ransomware groups also harvest cookies and "their activities may not be detected by simple anti-malware defenses because of their abuse of legitimate executables, both already present and brought along as tools," Sophos wrote.

Browsers allow users to maintain authentication, remember passwords and autofill forms. That might seem convenient, but attackers can exploit this functionality to steal credentials and skip the login challenge.

Behind the scenes, browsers use SQLite database files that contain cookies. These cookies are composed of key-value pairs, and the values often contain critical information such as tokens and expiration dates.
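
As an added example (not from the Sophos report or the original article), the following Python code audits a cookie table of the kind described above and reports auth-looking cookies together with how long each stays valid, which is the window in which a copied cookie would still be accepted. The schema, column names, hosts, rows and the name-based heuristic are constructed for the example and do not reflect any particular browser's layout.

```python
import sqlite3

NOW = 1661212800  # fixed "current time" (2022-08-23 UTC) so results are reproducible
DAY = 86400
HINTS = ("session", "auth", "token", "sid")  # assumed naming heuristic for auth cookies

def build_db():
    """In-memory stand-in for a cookie store; schema and rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host TEXT, name TEXT, value TEXT, "
                 "expires INTEGER, secure INTEGER, httponly INTEGER)")
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?)", [
        ("sso.example.com", "session_token", "c29tZS1vcGFxdWUtdG9rZW4", NOW + 90 * DAY, 1, 1),
        ("shop.example.com", "theme", "dark", NOW + 365 * DAY, 0, 0),
        ("mail.example.com", "auth", "9f8e7d6c5b4a39281716", NOW + 3600, 1, 0),
        ("old.example.com", "sid", "a1b2c3d4e5f6a7b8c9d0", NOW - DAY, 1, 1),
    ])
    return conn

def audit(conn, now=NOW, max_days=1):
    """Return (host, name, issues) for unexpired cookies that look like auth tokens."""
    findings = []
    # The value column is never selected: the audit only needs metadata.
    rows = conn.execute("SELECT host, name, expires, secure, httponly "
                        "FROM cookies ORDER BY host, name")
    for host, name, expires, secure, httponly in rows:
        if not any(h in name.lower() for h in HINTS):
            continue  # preference cookie, not an auth token
        if expires != 0 and expires <= now:
            continue  # already expired, so no longer accepted by the site
        issues = []
        # expires == 0 marks a session cookie that ends with the browser session.
        if expires != 0 and (expires - now) / DAY > max_days:
            issues.append(f"long-lived: {(expires - now) // DAY} days left")
        # Attribute hygiene only: these flags do not protect the on-disk file.
        if not httponly:
            issues.append("no HttpOnly")
        if not secure:
            issues.append("no Secure")
        if issues:
            findings.append((host, name, issues))
    return findings

if __name__ == "__main__":
    for finding in audit(build_db()):
        print(finding)
```

Shortening the lifetime reported for a token narrows the period in which a stolen copy can skip the login challenge.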
