News Tech: To bypass multi-factor authentication, hackers are stealing cookies from recent or active web sessions.
On dark web forums, cybercriminals purchase stolen credentials “in bulk” or collect cookies. Additionally, ransomware gangs collect cookies, and according to a Sophos report, “their operations may not be detected by standard anti-malware defences due to their misuse of legal executables, both already present and brought along as tools.”
According to a Sophos analysis, the attack technique is spreading and the “cookie-stealing cybercrime spectrum” includes both “entry-level crooks” and more experienced adversaries.
Browsers let users stay authenticated, remember their passwords, and autofill forms. Although this is convenient, attackers can abuse the feature to steal passwords and avoid the login challenge.
To obtain initial access, attackers can also use phishing and spear-phishing campaigns to implant droppers that covertly deploy cookie-stealing malware.
The cookies are then used for post-exploitation and lateral movement. Cybercriminals can use them to change user account passwords and associated emails, to lure users into downloading further malware, or even to launch other exploitation tools like Cobalt Strike and the Impacket kit.
Cookies must have a short lifetime. Otherwise, persistent authentication can turn into a persistent threat. Even with excellent security procedures, you may still fall victim to hacking if cookies lack the requisite flags (e.g., the HttpOnly and Secure attributes). For instance, authentication cookies must be sent over SSL/TLS channels. Otherwise, the information could be transferred in plain text, making it simple for attackers to intercept credentials by sniffing network traffic.
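As an added example (not from the article or the Sophos report), the following Python check audits `Set-Cookie` header values for the weaknesses named above: missing HttpOnly, missing Secure, and an overly long lifetime. The 8-hour ceiling, the function name and the sample headers are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_S = 8 * 3600  # assumed policy ceiling for auth cookies (not from the article)

def audit_set_cookie(header, now=None, max_lifetime_s=MAX_LIFETIME_S):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    now = now or datetime.now(timezone.utc)
    pair, *rest = [p.strip() for p in header.split(";")]
    name = pair.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key:
            attrs[key.strip().lower()] = value.strip()

    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page scripts")
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over plain HTTP")

    lifetime = None
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            delta = parsedate_to_datetime(attrs["expires"]) - now
            lifetime = int(delta.total_seconds())
    except (TypeError, ValueError):
        findings.append("unparseable Max-Age/Expires")
    if lifetime is not None and lifetime > max_lifetime_s:
        findings.append(f"lifetime {lifetime}s exceeds {max_lifetime_s}s")
    return name, findings

# Constructed sample headers, not captured from any real site.
SAMPLES = [
    "session=abc123; Path=/; Max-Age=31536000",
    "sid=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=900",
    "auth=tok456; Secure; HttpOnly; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    fixed_now = datetime(2026, 10, 20, 7, 28, tzinfo=timezone.utc)
    for header in SAMPLES:
        name, findings = audit_set_cookie(header, now=fixed_now)
        print(name, "->", findings or "ok")
```

A cookie with neither `Max-Age` nor `Expires` is a session cookie and is not flagged for lifetime here, although browsers that restore sessions can keep it alive across restarts.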