How Hackers Are Exploiting Stolen Cookies To Attack Corporate Organisations – Research

How Hackers Are Exploiting Stolen Cookies To Attack Corporate Organisations – Research

Cybercriminals are increasingly using stolen session cookies to get beyond Multi-Factor Authentication (MFA) and access company resources, according to the most recent report from Sophos, a leader in next-generation cybersecurity.

ALSO, READ How To Protect Your Company Website From Hackers (2022)

In certain instances, cookie theft itself is a highly focused operation, with adversaries harvesting cookie data from compromised systems within a network and using legitimate applications to mask the malicious activity, according to the research “Cookie Stealing: the new perimeter bypass”.

ALSO, READ Cybercrime Costs Organisations $1.79 Million Every Minute – RiskIQ Study

Cookie theft happens when a third party downloads session data that isn’t encrypted from a website and utilizes it to pose as a legitimate user. When a user accesses reliable websites over an unprotected or public Wi-Fi network, cookie theft most frequently happens.

Hackers Exploiting Stolen Cookies To Attack Organisations

According to Sophos, once the attackers use the cookies to gain access to corporate web-based and cloud resources, they can use those resources for further exploitation, such as compromising business emails, using social engineering to gain more system access, or even altering data or source code repositories.

ALSO, READ Cybersecurity Threat: A Growing Issue In Nigeria – NCC Research

Research Report Details 

Commenting on the report, Principal Threat Researcher at Sophos, Sean Gallagher, said: “Over the past year, we’ve seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens. If attackers have session cookies, they can move freely around a network, impersonating legitimate users.”

ALSO, READ Microsoft Recently Releases Fix for Zero-Day Flaw (July 2022 Edition) Security Patch Rollout

“While historically we’ve seen bulk cookie theft, attackers are now taking a targeted and precise approach to cookie stealing. Because so much of the workplace has become web-based, there really is no end to the types of malicious activity attackers can carry out with stolen session cookies.

“They can tamper with cloud infrastructures, compromise business email, and convince other employees to download malware or even rewrite code for products. The only limitation is their own creativity. Complicating matters is that there is no easy fix. For example, services can shorten the lifespan of cookies, but that means users must re-authenticate more often, and, as attackers turn to legitimate applications to scrape cookies, companies need to combine malware detection with behavioural analysis,” Gallagher added.

How To Block Cookie Theft

• Checking URLs is one of the simplest ways, according to cybersecurity experts, to prevent cookie theft and session hijacking. More secure websites use HTTPS to guarantee that all session traffic is SSL/TLS encrypted. Nowadays, the majority of websites use HTTPS encryption, however it’s wise to always double-check. When entering personal information, this is particularly true.
• Look at the URL at the top of your browser to see if a website uses HTTPS. For example, when a website is using HTTPS, Chrome shows a lock to the left of the URL.
• Avoiding using free public Wi-Fi, especially those without password security, is another privacy precaution. Use these recommendations whenever you connect to public WiFi to keep your data secure.

CYBERINFORMER.NET –  brings updates on the latest cyber security tips, online safety tips and cyber information, cyber security courses for Nigerians and Foreigners, Cyber security jobs for seekers and much more…