Hackers Use Cookie Theft to Bypass two factor authentication

Cookie theft is nothing but an attack that lets hackers bypass logins and gain access to personal databases.

According to Sophos, Cookie Theft is one of the latest trends in cybercrime. Hackers have found a way to bypass cookies attached to logins and copy them to hijack active or recent web sessions of programs that are not usually updated.

Security advice for organizations is to move their most sensitive information to cloud services or use Multi-Factor Authentication (MFA).

These hackers can exploit various online tools and services, including browsers, web applications and services, malware-infected emails, and ZIP files. The most insidious aspect of this hack is that cookies are so widely used that even with security protocols in place, they could still allow malicious users to gain access to a computer.

The emote botnet is one of a kind of cookie-stealing malware that targets data like login credentials and payment card data stored in the Google Chrome browser.

While browsing is involved in encryption and Multi-Factor Authentication, Sophos notes that Emote botnet can circumvent these protections. The login credentials of an Electronic Arts game developer ended up on a marketplace called Genesis, which is said to have been purchased by a blackmail group.

According to a report by TorrentFreak, cybercriminals can often purchase stolen cookie data, login credentials, and more in the underground market.

This group was able to clone EA employee credentials and eventually gained access to the company’s network, stealing 780 gigabytes of data. They gathered details about the game’s source code and the graphics engine they used to blackmail the company.

Also, Lapsus$ hacked Nvidia’s database in March. The breach reportedly exposed the credentials of 70,000 employees, along with 1 TB of company data, including terms, drivers, and firmware details.

However, it is unclear whether the hack was due to Cookie Theft. Hackers can use this to mislead users into downloading malware or sharing sensitive information.

When dealing with software-as-a-service products such as Amazon Web Services (AWS) or Slack other Cookie Theft opportunities can be found.

These services always run open, which means their cookies never expire because their protocols are secure. Reauthentication is required to log in to Facebook, Google, Twitter, or other major US websites that use cookies to access their services.

Users may also require to periodically delete their cookies to maintain the internet service provider’s (ISP) network infrastructure.

Twitter Is DOWN For Thousands Of Users, Claims Down Detector