For a few years now, multi-factor authentication has made its way into the connection methods to use if you want to secure your session. Its principle is simple: enter your username and password, then confirm everything with a secret question, a code or validation on another page. In short, it protects your identification by giving it a second layer of security.
Cybercriminals have found a flaw in this authentication system: cookies. Beyond stealing your usernames and passwords, hackers are now after your cookies. As a reminder, the CNIL indicates that this is “ a small file stored by a server in the terminal (computer, telephone, etc.) of a user and associated with a web domain (that is to say, in the majority of cases, with all the pages of a same website). This file is automatically resent during subsequent contacts with the same domain. »
Why target cookies?
The content of each cookie is therefore a list of parameters and values that identify your session on a web page. By targeting this type of data, the cybercriminal will be able to circumvent the multi-factor authentication system, by trying to impersonate the legitimate user, who had initially generated the cookie following his connection.
The fields of application are multiple since this method can give access to a user’s Slack session, facilitating the incitement to download malware, or even simplified access to the corporate Cloud containing sensitive data.
How do hackers steal your cookies?
To gain access to your cookies, the cybercriminal will generally use a hack in the form of phishing. It pretends to be a known authority and sends you an email containing attachments or files to download. The hacker inserts a bundle of malware, which will then inject a series of commands through a .NET process to retrieve your browser’s cookies and login data. Once the cookies have been collected, voila.
This sample hack is just a small taste of what’s going on in the world of data theft. Cookie theft has become a lucrative business that is not likely to stop anytime soon.
To limit these thefts, means exist, such as reducing the lifetime of a cookie, or even deleting it once the browser is left. Companies are increasingly looking at these cookie management solutions, which sometimes turn out to be complicated.
Sources: Esecurityplanet, CNIL
1