Comprehensive up-to-date news coverage

HomeNewsTech NewsThieves who steal cookies

Thieves who steal cookies

Published on

Follow us on Google News for latest updates and information.

News Tech: To get beyond multi-factor authentication, hackers are stealing cookies from recent or active web visits.

On dark web forums, cybercriminals purchase stolen credentials “in bulk” or collect cookies. Additionally, ransomware gangs collect cookies, and according to a Sophos report, “their operations may not be detected by standard anti-malware defences due to their misuse of legal executables, both already present and brought along as tools.”

According to a Sophos analysis, the assault technique is expanding and the “cookie-stealing cybercrime spectrum” includes both “entry-level crooks” and more experienced adversaries.

Users may keep their authentication up, remember their passwords, and autofill forms using browsers. Although it might appear practical, hackers can use this feature to steal passwords and avoid the login challenge.

Attackers can also use spear-phishing and phishing campaigns to implant droppers that can covertly deploy cookie-stealing malware in order to obtain initial access.

The cookies are then utilised for lateral and post-exploitation movements. They can be used by cybercriminals to change user account passwords and associated emails, to lure users into downloading further malware, or even to launch other exploitation tools like Cobalt Strike and Impacket kit. Cookies must have a brief shelf life. In any other case, persistent authentication might develop into a persistent threat. Due to the cookies’ lack of the requisite flags, even with excellent security procedures, you may still fall victim to hacking (e.g., HttpOnly, Secure attribute). For instance, SSL/TLS channels must be used for sending authentication cookies. Otherwise, the information could be transferred in plain text, making it simple for attackers to intercept credentials by simply sniffing network traffic.

See also  The football sprint recorded its first ever shutout, blanking Quincy 12-0

Check the latest news about tech news section for best information.

Latest articles

Use SSH on Windows/macOS/Linux

Hello everyone in this article on Use SSH on Windows/macOS/Linux. An SSH connection creates...

The United States Space Force has selected Firefly Aerospace for the VICTUS NOX “Rapid Space” mission

In Science and Space: Firefly Aerospace, Inc. today announced that it has been...

How to manage power settings on Windows 11

Hello everyone, in this article we will show you how manage power settings in...

British Prime Minister Truss trusts Kwarteng as Chancellor of the Exchequer

News Tech: According to her spokeswoman, British Prime Minister Liz Truss has faith...

More like this

Use SSH on Windows/macOS/Linux

Hello everyone in this article on Use SSH on Windows/macOS/Linux. An SSH connection creates...

The United States Space Force has selected Firefly Aerospace for the VICTUS NOX “Rapid Space” mission

In Science and Space: Firefly Aerospace, Inc. today announced that it has been...

How to manage power settings on Windows 11

Hello everyone, in this article we will show you how manage power settings in...

British Prime Minister Truss trusts Kwarteng as Chancellor of the Exchequer

News Tech: According to her spokeswoman, British Prime Minister Liz Truss has faith...

Connect A PlayStation 4 Controller To Your Android/iOS

In this article, we'll show you how Connect the PlayStation 4 controller to your...

Brighton vs. Liverpool: Live streaming online and worldwide TV information

In Science and Space: Brighton will be Liverpool’s visitors as they get ready...