One of the latest practice of hackers in bypassing credentials and accessing private data bases in "cookie stealing." This is according to a report by Sophos.
Organizations are advised to move their sensitive information to cloud. Another safety means is to use multifactor authentication (MFA).
Unfortunately, hackers have found a way to collect cookies linked to login details. These bad actors "replicate" them in order to breach the active or recent web sessions, according to Digital Trends.
Cookies Help Bad Actors Access Systems Despite of Safety Protocols
Because of cookie stealing, the hackers "are able to exploit several different online tools and services," as per Digital Trends. Browsers, web-based applications, web services, malware-infected emails, and ZIP files are prone to this exploitation.
Hacking using cookies is a cunning practice, that is because cookies are so widely used. Because of this, the use of cookies can help bad actors access systems despite the enforced safety protocols.
According to Sophos, one cookie-stealing malware that targets data in the Google Chrome browser is Emotet botnet. It targets stored logins and payment card data.
Emotet botnet can collect login details even if the browser is encrypted and used multifactor authentication.
In addition, ransomware groups also collect cookies. Unfortunately, simple anti-malware defenses cannot detect their activities "because of their abuse of legitimate executables, both already present and brought along as tools," as per eSecurity Planet.
Hackers Collect and Buy Cookies
On a larger scale, cybercriminals are able to collect cookies. To some extent, they buy stolen credentials from underground market places, according to eSecurity Planet.
For instance, an Electronic Arts game developer's login details were found in the marketplace called Genesis. Reportedly, an extortion group Lapsus$ purchased it.
Lapsus$ replicated EA employee login credentials. This led for the group to obtain access to the company's networks, eventually stealing 780 gigabytes of data.
Game and graphics engine source code details were stolen by the extortion group. They used these stolen data to try to extort EA.
In March, Lapsus$ also hacked the databases of Nvidia. According to reports, the hack might have compromised the login information of more than 70,000 employees.
Aside from the login information of employees, the extortion group collected 1TB of data from the company. This includes schematics, drivers, and firmware details. It is not confirmed, however, whether the hack is due to cookie stealing.
It is easy to crack other cookie-stealing if they are "software-as-a-service products," like Amazon Web Services (AWS), Azure, or Slack.
Such hacking begins when bad actors obtain basic access to the login details. They, then, trick users into downloading malware or sharing sensitive information.
According to Digital Trends, these kind of services have tendencies to stay open and run persistently. This only means that their cookies "don't expire often enough to have their protocols to be sound security-wise."
Sophos mentioned that to keep a better protocol, users may be opted to regularly clear their cookies. But the downside of doing such practice is having to reauthenticate each time.
Related Article: New Malware Called YTStealer is Targeting YouTube Creators and Their Channels