FBI Cautioned Gmail Users Regarding Cookie Theft

 

The FBI has warned users of popular email providers such as Gmail, Outlook, Yahoo, and AOL regarding a surge in online criminal activity that compromises email accounts, including those secured by multifactor authentication (MFA). 

Online criminals lure people into visiting suspicious websites or clicking on phishing links, which then download malicious applications onto their computers. One of the most common tactics they employ to gain access to email accounts is cookie theft. 

These session or security cookies, often known as "remember me" cookies, store login information to make it easier to access frequently visited websites and accounts. Cookie theft enables attackers to access users' accounts without requiring their username, password, or MFA. The FBI claims that this strategy works especially well when a user selects the "Remember this device" checkbox during login.

“This problem affects all email platforms with web logins, although Gmail, Outlook, Yahoo, and AOL are the largest targets,” notes cybersecurity expert Zak Doffman. “It also impacts other types of accounts such as shopping sites and financial platforms.” Google has been warning users about cookie theft and developing new ways to prevent it. However, the threat remains significant, as fraudsters develop new techniques. 

FBI warns users

The FBI advises users to take the following precautions to secure their accounts: 

  • Clear your internet browser's cookies on a regular basis. 
  • When logging into websites, avoid choosing the "Remember Me" checkbox.
  • Do not access unsecured websites or click on dubious links.
  • Check your account settings for recent device login history on a regular basis.

Despite the flaws identified in their warning, the FBI emphasises that MFA remains one of the best actions users can take to secure their accounts. Google agrees, describing security cookies as "fundamental to the modern web" because of their utility, but conceding that they are a tempting target for hackers. 

Organisations should also implement MFA on all platforms. Amazon has just implemented MFA for its workplace email service, WorkMail. Though it took a long time to implement, it is a positive step towards better safety. Finally, any type of multi-factor authentication is preferable to simply typing a password. 

Users should take all necessary precautions to safeguard their accounts by combining the newest security tools with sound security practices. Report cybercrime to the FBI's Internet Crime Complaint Centre (IC3) if you believe you have been a victim. The official FBI website has more thorough advice on how to safeguard your online safety.

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, letting users skip repeated multi-factor authentication (MFA) prompts. However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.

Stolen Session Cookies Turn Into the Next Cyber Threat


According to the recent Identity Exposure Report by SpyCloud, 87,000 credentials linked to Fortune 1000 C-level executives were recovered from the criminal underworld in 2022. Security leaders across organizations continue to live in constant terror of becoming a victim of a cyberattack, and for good reason.

Using exposed assets such as usernames and passwords, cybercriminals can access networks and commit crimes including fraud, session hijacking, account takeover, and ransomware attacks. Even as companies enhance their security tactics by adding user authentication such as multifactor authentication and passkeys, criminals constantly work on improving their own methods to bypass these high-end security barriers. One method commonly used by threat actors is to commit session hijacking with stolen active session cookies, which defeats the conventionally employed safeguards.

To improve their network defense and safeguard their customers, organizations and security experts must better understand the methods criminals use to commit cybercrimes, such as how they use stolen data for profit.

Session Cookies 

Session cookies are present all over the online space: websites and applications assign a cookie or token to identify their users. This string of characters is then stored on the device, making re-access easier for the user. 

While this function provides a personalized and smooth experience to users, it can be harmful if the data falls into the wrong hands. Using infostealer malware, cybercriminals can exfiltrate cookies and a variety of other data types from infected computers and load them into browsers that cannot be easily detected, giving them the ability to pose as authentic users in a process known as session hijacking.

Impersonating a legitimate user, a threat actor can then freely navigate the network, committing fraud, facilitating a ransomware attack, stealing important company data, and more. No matter how the user signed in (using a username and password, a passkey, or by successfully completing the multifactor authentication (MFA) requirements), a session cookie will still confirm the user's identity.

Their difficult-to-detect nature, low cost of acquisition (normally available online for only a few dollars a month), and regular success in stealing cookies and other recent, high-quality data have made infostealer quality soar. 

Protecting Businesses and Their Customers

According to SpyCloud data, cookie theft by cyber thieves is already fairly frequent, with over 22 billion device and session cookie records seized by criminals last year. This entry point will expand because fraudsters are having great success accessing accounts and businesses via these cookies. For organizations trying to preserve their bottom line, having a strategy to proactively disrupt criminal operations is a vital requirement.

Recently developed malware is difficult to detect because of its well-crafted design. Common infostealers frequently leave little to no evidence of infection on the victim's device and exfiltrate sensitive data in a matter of seconds.

However, there are certain measures organizations can adopt to avoid the risk from this malware, as listed below: 

  • Educating employees about these threats has become crucial. Employees alone can reduce total malware exposure by identifying phishing attempts, exercising caution while using unmanaged or poorly maintained devices to access corporate systems and networks, not sharing passwords, and being aware of potentially harmful email attachments, websites, and downloads.
  • The risk of session hijacking is decreased by removing "remember me" settings on platform login pages and regularly eliminating browser cookies, ensuring that thieves can't access active session cookies even in the event of malware infection. 
  • Security teams can obtain a comprehensive understanding of the compromised devices and data threatening their firms by using darknet data that has been ingested, vetted, and evaluated. Teams can invalidate open session cookies, reset the exposed application information, and patch any remaining vulnerabilities with this insight. By addressing the threat of stolen data before it escalates into a full-blown security issue, this strategy lessens the harm to enterprises.
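
To make the last two measures concrete, here is an added example (not from SpyCloud or the FBI) of a server-side session store that gives cookies a short lifetime, ends a session when its cookie is replayed from a different client, and can invalidate all of a user's open sessions after an exposure report. The class name, the 8-hour lifetime and the user-agent-plus-network check are assumptions chosen for illustration.

```python
import hashlib
import ipaddress
import secrets
import time

MAX_AGE = 8 * 3600  # assumed absolute lifetime (seconds) instead of a long-lived "remember me"

def _key(token):
    # Store only a hash, so a leaked session table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def _context(user_agent, ip):
    # Coarse client context: user agent plus the /24 (IPv4) or /48 (IPv6) network.
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return user_agent, str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class SessionStore:
    def __init__(self):
        self._sessions = {}  # sha256(cookie value) -> session record

    def issue(self, user, user_agent, ip, now=None):
        """Create a session after the password / passkey / MFA step has succeeded."""
        token = secrets.token_urlsafe(32)
        issued = time.time() if now is None else now
        self._sessions[_key(token)] = {"user": user, "issued": issued,
                                       "ctx": _context(user_agent, ip)}
        return token

    def validate(self, token, user_agent, ip, now=None):
        """Return (user, reason); user is None when the cookie is rejected."""
        now = time.time() if now is None else now
        rec = self._sessions.get(_key(token))
        if rec is None:
            return None, "unknown-or-revoked"
        if now - rec["issued"] > MAX_AGE:
            del self._sessions[_key(token)]
            return None, "expired"
        if rec["ctx"] != _context(user_agent, ip):
            del self._sessions[_key(token)]  # replayed from another client: end the session
            return None, "context-mismatch"
        return rec["user"], "ok"

    def revoke_user(self, user):
        """Invalidate every open session for a user, e.g. after an exposure report."""
        doomed = [k for k, r in self._sessions.items() if r["user"] == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)
```

The context check is a heuristic: it can log out a legitimate user who changes networks and will not catch every replay, so the short lifetime and `revoke_user` are what bound the exposure in either case.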