Attackers Can Bypass MFA by Exploiting Authentication Cookies

August 23, 2022

Multi-factor authentication is an important security measure for users and organizations. However, it is not enough on its own, as attackers can bypass it by abusing the authentication cookies that websites use.

According to a recent release from Sophos, “Cookies associated with authentication to web services can be used by attackers in ‘pass the cookie’ attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to web services without a login challenge.”

Attackers steal cookies with malware that sends exact copies of session cookies to the attacker. In addition, multiple stolen credentials now make it possible to steal cookies.

As with any other malware, users’ computers can be infected with cookie-stealing malware. According to Sophos researchers, attackers use paid download services and other non-targeted approaches to collect as many cookies as possible.

Strategies include packaging the malware in large ISO or ZIP archives advertised on websites, offering it via peer-to-peer networks, and distributing it via email.

Users can protect themselves against this type of attack by enforcing encryption where possible, practicing strict computer security hygiene, and using security solutions to detect malware.
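On the service side, a replayed cookie leaves a trace: the same session cookie arrives from a client other than the one it was issued to. The following is an added example, not code from Sophos or the original article, that flags this in constructed access records; the record layout, the function names and the IP/User-Agent comparison are assumptions.

```python
import hashlib

# Constructed sample records (not real traffic): timestamp, session cookie,
# source IP (documentation ranges), User-Agent.
SAMPLE_EVENTS = [
    ("2022-08-23T09:00:05Z", "sess-a1", "198.51.100.10", "Chrome/104 (Windows NT 10.0)"),
    ("2022-08-23T09:05:00Z", "sess-a1", "198.51.100.10", "Chrome/104 (Windows NT 10.0)"),
    ("2022-08-23T09:07:00Z", "sess-b2", "203.0.113.7", "Firefox/103 (Macintosh)"),
    ("2022-08-23T09:20:00Z", "sess-b2", "203.0.113.99", "Firefox/103 (Macintosh)"),
    ("2022-08-23T11:42:00Z", "sess-a1", "192.0.2.55", "Firefox/103 (X11; Linux)"),
    ("2022-08-23T11:50:00Z", "sess-c3", "198.51.100.23", "Chrome/104 (Windows NT 10.0)"),
]


def session_id(cookie):
    """Hash the cookie so alerts never carry a replayable value."""
    return hashlib.sha256(cookie.encode()).hexdigest()[:12]


def find_cookie_reuse(events):
    """Flag requests whose client differs from the first one seen with that cookie.

    Assumption: the first context seen is the one the cookie was issued to.
    A changed User-Agent is rated "high"; an IP-only change is rated
    "review", since roaming and VPNs cause it legitimately.
    """
    issued_to = {}
    alerts = []
    for ts, cookie, ip, ua in sorted(events):  # ISO 8601 UTC strings sort by time
        sid = session_id(cookie)
        origin_ip, origin_ua = issued_to.setdefault(sid, (ip, ua))
        if ua != origin_ua:
            alerts.append({"session": sid, "time": ts, "ip": ip, "severity": "high"})
        elif ip != origin_ip:
            alerts.append({"session": sid, "time": ts, "ip": ip, "severity": "review"})
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_reuse(SAMPLE_EVENTS):
        print(alert)
```

An alert here is a cue to require re-authentication for that session rather than proof of theft.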

The sources for this piece include an article in TechRepublic.


Jim Love

Jim is an author and podcast host with over 40 years in technology.
