Hackers Use Cookie Theft to Bypass two factor authentication

1
HACKERS USE
COOKIES TO BYPASS TWO FACTOR AUTHENTICATION
2
Cookie theft is nothing but an attack that lets
hackers bypass logins and gain access to
personal databases. According to Sophos, Cookie
Theft is one of the latest trends in cybercrime.
Hackers have found a way to bypass cookies
attached to logins and copy them to hijack
active or recent web sessions of programs that
are not usually updated. Security advice for
organizations is to move their most sensitive
information to cloud services or use Multi-Factor
Authentication (MFA). These hackers can exploit
various online tools and services, including
browsers, web applications and services,
malware-infected emails, and ZIP files. The most
insidious aspect of this hack is that cookies are
so widely used that even with security protocols
in place, they could still allow malicious users
to gain access to a computer.
3
The emote botnet is one of a kind of
cookie-stealing malware that targets data like
login credentials and payment card data stored in
the Google Chrome browser. While browsing is
involved in encryption and Multi-Factor
Authentication, Sophos notes that Emote botnet
can circumvent these protections. The login
credentials of an Electronic Arts game developer
ended up on a marketplace called Genesis, which
is said to have been purchased by a blackmail
group. According to a report by TorrentFreak,
cybercriminals can often purchase stolen cookie
data, login credentials, and more in the
underground market.
4
This group was able to clone EA employee crede
ntials and eventually gained access to the
companys network, stealing 780 gigabytes of data.
They gathered details
about the games
source code and the graphics engine they used to
blackmail the company. Also, Lapsus hacked
Nvidias database in March. The breach reportedly
exposed the credentials of 70,000 employees,
along with 1 TB of company data, including terms,
drivers, and firmware details. However, it is
unclear whether the hack was due to Cookie Theft.
Hackers can use this to mislead users into
downloading malware or sharing sensitive
information. When dealing with
software-as-a-service products such as Amazon Web
Services (AWS) or Slack other Cookie Theft
opportunities can be found. These services
always run open, which means their cookies never
expire because their protocols are secure.
Reauthentication is required to log in to
Facebook, Google, Twitter, or other major US
websites that use cookies to access their
services. Users may also require to periodically
delete their cookies to maintain the internet
service providers (ISP) network infrastructure.
5