Hackers steal browser cookies to bypass MFA

Multi-factor authentication is an effective way to keep cybercriminals at bay, but some attackers are getting around it by stealing application and browser session cookies rather than attacking the login itself.

Cybersecurity researchers at Sophos say they are seeing a growing appetite for cookies among malware of every level of sophistication. From information stealers like Raccoon Stealer and RedLine Stealer to full-featured Trojans like Emotet, a growing number of malware families now include cookie-stealing capabilities.

A session cookie is the token a service hands out after a login has already succeeded, second factor included. Whoever presents that cookie is treated as the authenticated user, so a thief who replays it is granted access immediately and never sees the MFA prompt. That makes cookies a high-value asset on the black market: Sophos has seen them sold on Genesis Market, where a member of the Lapsus$ extortion group bought one that led to a major data theft from video game giant EA.

Buying cookies

After purchasing a Slack session cookie on Genesis, the threat actor was able to impersonate an existing EA employee's login and trick the company's IT team into granting network access. This allowed them to steal 780 GB of data, including game and graphics engine source code, which was later used in an extortion attempt.

The biggest problem with session cookies is that they stay valid for a relatively long time, especially for applications like Slack. A longer-lived cookie gives the attacker a longer window in which a stolen copy still works. IT teams can configure their browsers and applications to shorten the time a cookie stays valid, but this comes with a caveat: users have to re-authenticate more often, so IT teams have to strike a balance between security and convenience.

Cookie abuse can also be curbed with behavioural rules, Sophos says: untrusted scripts and programs that try to read cookies can be stopped "with a number of memory and behavior detections."