Digital Times Nigeria
  • Home
  • Telecoms
    • Broadband
  • Business
    • Banking
    • Finance
  • Editorial
    • Opinion
    • Big Story
  • TechExtra
    • Fintech
    • Innovation
  • Interview
  • Media
    • Social
    • Broadcasting
Facebook X (Twitter) Instagram
Trending
  • “How Do I Kelee Gi?”: The Song That Rose From The Rubble Of A Lagos Bomb Blast
  • Hydrogen, Lagos State Govt Power Wellness Drive For Business Owners In Ikeja
  • Tinubu Hails NASENI’s Contributions To National Economy
  • Experts @ABoICT 2025 Warn Of Digital Disaster Risks In Nigeria Without AI Governance
  • NCC Unveils e-Health Project In Akure To Boost Digital Healthcare
  • PalmPay Unveils ‘Passing The Baton’ CSR Initiative To Drive Financial Inclusion In Northern Nigeria
  • Anambra Shines In E-Governance, Ranks Among Top Three States
  • EMOSIM Launches eSIM In Lagos, Heralds New Era Of Global Connectivity And Digital Inclusion
Facebook X (Twitter) Instagram
Digital Times NigeriaDigital Times Nigeria
  • Home
  • Telecoms
    • Broadband
  • Business
    • Banking
    • Finance
  • Editorial
    • Opinion
    • Big Story
  • TechExtra
    • Fintech
    • Innovation
  • Interview
  • Media
    • Social
    • Broadcasting
Digital Times Nigeria
Home » Sophos Reports How Active Adversaries Increasingly Exploit Stolen Session Cookies
TechExtra

Sophos Reports How Active Adversaries Increasingly Exploit Stolen Session Cookies

Our REPORTERBy Our REPORTER18 August 2022No Comments4 Mins Read5 Views
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
SEAN
Share
Facebook Twitter LinkedIn Pinterest Telegram Email WhatsApp

Sophos, a global leader in next-generation cybersecurity, Thursday announced in the Sophos X-Ops report, “Cookie stealing: the new perimeter bypass,” that active adversaries are increasingly exploiting stolen session cookies to bypass Multi-Factor Authentication (MFA) and gain access to corporate resources. SOPHOS REPORT LATEST 2

The report showed that in some cases, the cookie theft itself is a highly targeted attack, with adversaries scraping cookie data from compromised systems within a network and using legitimate executables to disguise the malicious activity.

Once the attackers obtain access to corporate web-based and cloud resources using the cookies, they can use them for further exploitation such as business email compromise, social engineering to gain additional system access, and even modification of data or source code repositories.

“Over the past year, we’ve seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens,” said Sean Gallagher, principal threat researcher, Sophos.

“If attackers have session cookies, they can move freely around a network, impersonating legitimate users,” Gallagher further said.

Digital TimesNG understands that Session, or authentication, cookies are a particular type of cookie stored by a web browser when a user logs into web resources.COOKIES 1

If attackers obtain them, then they can conduct a “pass-the-cookie” attack whereby they inject the access token into a new web session, tricking the browser into believing it is the authenticated user and nullifying the need for authentication.

Since a token is also created and stored on a web browser when using MFA, this same attack can be used to bypass this additional layer of authentication.

READ ALSO  Digital Transformation Of Nigeria’s Economy Has Become Imperative- Pantami

Compounding the issue is that many legitimate web-based applications have long-lasting cookies that rarely or never expire; other cookies only expire if the user specifically logs out of the service. COOKIES 2

Thanks to the malware-as-a-service industry, it’s getting easier for entry-level attackers to get involved in credential theft.

For example, all they need to do is buy a copy of an information-stealing Trojan like Raccoon Stealer to collect data like passwords and cookies in bulk and then sell them on criminal marketplaces, including Genesis.

Other criminals on the attack chain, such as ransomware operators, can then buy this data and sift through it to leverage anything they deem useful for their attacks.

Conversely, in two of the recent incidents that Sophos investigated, attackers took a more targeted approach. In one case, the attackers spent months inside a target’s network gathering cookies from the Microsoft Edge browser.

The initial compromise occurred via an exploit kit, and then the attackers used a combination of Cobalt Strike and Meterpreter activity to abuse a legitimate compiler tool to scrape access tokens. In another case, the attackers used a legitimate Microsoft Visual Studio component to drop a malicious payload that scraped cookie files for a week.COOKIES 3

“While historically we’ve seen bulk cookie theft, attackers are now taking a targeted and precise approach to cookie stealing. Because so much of the workplace has become web-based, there really is no end to the types of malicious activity attackers can carry out with stolen session cookies.

“They can tamper with cloud infrastructures, compromise a business email, and convince other employees to download malware or even rewrite code for products. The only limitation is their own creativity,” said Gallagher.

READ ALSO  20 Years Of Telecoms: NCC Identifies Key Initiatives For Industry Growth

“Complicating matters is that there is no easy fix. For example, services can shorten the lifespan of cookies, but that means users must re-authenticate more often, and, as attackers turn to legitimate applications to scrape cookies, companies need to combine malware detection with behavioral analysis.”

To learn more about session cookie theft and how adversaries are exploiting the technique to carry out malicious activity, read the full report here.

#Active Adversaries #Perimeter Bypass #Sean Gallagher #Sophos #Stolen Session Cookies Featured Report
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticlePantami Leads Stakeholders To NITRA ICT Growth Conference 2.0
Next Article Machine Learning Operations (MLOps) And Scalable Model Deployment
Our REPORTER
  • Website

Related Posts

PalmPay Unveils ‘Passing The Baton’ CSR Initiative To Drive Financial Inclusion In Northern Nigeria

30 May 2025

Experts, Industry Leaders Push For Bold Digital Reforms In Nigeria

23 May 2025

New IT Clearance Framework To Curb Waste, Boost Transparency In MDAs- NITDA

20 May 2025

Anambra State Govt Unveils Innovative SolutionLens Platform Today

15 May 2025

NITDA, Lancaster University Mull Collaboration To Boost Innovation, Entrepreneurship In Nigeria

13 May 2025

Coal To Code: Leo Stan Ekeh Ignites Passion For Innovation At Enugu Tech Festival

12 May 2025

Comments are closed.

Categories
About
About

Digital Times Nigeria (www.digitaltimesng.com) is an online technology publication of Digital Times Media Services.

Facebook X (Twitter) Instagram
Latest Posts

“How Do I Kelee Gi?”: The Song That Rose From The Rubble Of A Lagos Bomb Blast

31 May 2025

Hydrogen, Lagos State Govt Power Wellness Drive For Business Owners In Ikeja

30 May 2025

Tinubu Hails NASENI’s Contributions To National Economy

30 May 2025
Popular Posts

Building Explainable AI (XAI) Dashboards For Non-Technical Stakeholders

2 May 2022

Building Ethical AI Starts With People: How Gabriel Ayodele Is Engineering Trust Through Mentorship

8 January 2024

Gabriel Tosin Ayodele: Leading AI-Powered Innovation In Web3

8 November 2022
© 2025 Digital Times NG. Designed by Max Excellence LLC.
  • Advert Rate
  • Terms of Use
  • Advertisement
  • Private Policy
  • Contact Us

Type above and press Enter to search. Press Esc to cancel.