Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks

Sophos: Employing Stolen Session Cookies to Navigate MFA & Access Networks



Hackers on the internet keep getting better. Stealing cookies from recently completed or ongoing web sessions is one new strategy they have been employing to avoid multi-factor authentication (MFA).  Recently, Sophos researchers reported a new attack technique that is already becoming more prevalent. According to the researchers, the “cookie-stealing cybercrime spectrum” is vast, encompassing entry-level hackers as well as sophisticated rivals who employ a variety of strategies.  On dark web forums, cybercriminals purchase stolen credentials in bulk or collect cookies. Because ransomware groups exploit genuine executables, both those that are already present and those that are added as tools, ‘their operations may not be detected by simple anti-malware defenses.’ Cookie theft

Cookies are used by cloud infrastructures as well for user authentication. It’s becoming simpler for entry-level attackers to engage in credential theft thanks to the malware-as-a-service sector. 
For instance, all they need to do is purchase a copy of an information-stealing Trojan like Raccoon Stealer to bulk collect information like cookies and passwords and then sell them on illicit markets like Genesis. Once this data is purchased, other criminals in the attack chain, such as ransomware developers, can search through it for anything they think would help their attacks.&

[…]Content was cut in order to protect the source.Please visit the source for the rest of the article.


This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article:






Share this:




Like th ..

Support the originator by clicking the read the rest link below.