Cookie stealing is one of the latest trends in cyberattacks that hackers are using to get into private databases.
It is recommended that organizations move their most sensitive information to cloud services or use multifactor authentication as a safety method. Bad actors have figured out how to use cookies to hack programs that are not frequently refreshed.
The online tools and services that these hackers are able to exploit include browsers, web-based applications, web services, and zip files.
Even if safety protocols are in place, cookies can be used to access systems even if they aren't in use. The Emotet botnet is a cookie-stealing malware that targets data in the browser, such as stored logins and payment card data, despite the browser's affinity for security.
The publication said that thieves can purchase stolen cookies data from underground marketplaces. Lapsus$ is said to have purchased the login details for an Electronic Arts game developer. The group was able to steal over a ton of data from the company. The group used the game and graphics engine source code to try to get money from the publisher.
In March, Lapsus$ hacked the database of the company. According to reports, the data from the company and the login information of more than 70,000 employees may have been exposed. There is no word as to what caused the hack.
If they are software-as-a-service products, cookie-stealing opportunities can be easily cracked. Such services tend to stay open and running for a long time because their cookies don't expire often enough to make their protocols sound security-wise.
Users can clear their cookies, but they have to reauthenticate each time.
There is a recommended video.
All Rights Reserved © 2024
