How Cookie Thieves Break Into Systems by Posing as Legitimate Users

How to reduce supplier risk

Reduce supplier risks by assessing digital security in your supply chain and identifying weak links. Work with various departments to create a comprehensive supplier list and then use a cyber ratings tool to quickly identify and address risks

Advantages of extending NIS2 compliance to your supply chain

For NIS2 companies, ensuring supply chain compliance brings multiple benefits, including risk reduction, operational continuity, regulatory compliance, and enhanced security. Partnering with compliant suppliers enables effective cybersecurity management, regulatory adherence, and protection of operations and reputation.

Why sustainability auditing is important for entrepreneurs and how to implement it

Read on to discover why sustainability auditing is important to business owners and the risks they face if they fail to meet sustainability standards in the supply chain. Also discover the benefits of sustainability controls and how business owners can implement them. Learn from successful companies that have implemented sustainability controls and invest in a resilient, sustainable supply chain that will protect and grow your business.

Digital sovereignty: a necessity for entrepreneurs in the Netherlands

Digital sovereignty is a hot topic that is receiving increasing attention. As dependence on digital systems increases, so do the risks of digital threats. Digital sovereignty includes control over digital infrastructure and data, as well as the ability to steer technological development and set norms and values. In this blog, you can read more about the importance of digital sovereignty, initiatives from the European Commission, and what entrepreneurs can do to increase their digital sovereignty.

How cookie thieves break into systems by posing as legitimate users

cyber software third-party

Cookie thieves are criminals who attempt to break into systems by stealing the identities of legitimate users. This can have serious consequences for businesses and individuals, including the theft of personal and financial information.

Cookie thieves are hackers who impersonate legitimate users by stealing their browser's cookies. This allows them to gain access to personal and financial information and even commit identity theft. It is very important to protect yourself against this.

The article on cybernews.com stresses the importance of setting your browser to accept cookies only from websites you trust. It also recommends changing passwords regularly and not giving out personal information to unknown websites or individuals. It is also important to stay abreast of the latest developments in security, risk and third-party management so that you are aware of the latest threats and how to protect yourself from them.

Another important issue is the use of third-party software and services. This can be a major source of vulnerabilities and security issues. It is important to only use software and services that you trust and that have been tested and verified by reputable security companies.

Cookie theft is a threat because so many applications use long-term access cookies. For example, Slack uses a combination of persistent and session cookies to verify user identity and authentication. Although session cookies are deleted when a browser is closed, some of these applications (such as Slack) remain open indefinitely in some environments. These cookies may not expire quickly enough to prevent someone from exploiting them if they are stolen.

In one case, for example, the Lapsus$ extortion group claimed to have purchased a stolen session cookie from an employee of game developer Electronic Arts through the Genesis Marketplace. The stolen cookies allowed the cybercriminals to access EA's Slack instance, ultimately leading to the acquisition of 780 gigabytes of data, including game and graphics engine source code, which the group then used to extort EA.

Clearly, cookie theft poses significant risks to individuals and organizations. It is important to take precautions and regularly review and update your security protocols.

Three questions you can ask yourself about the use of cookies

Are third-party software and services used in your organization, and are they reliable and verified?
Are your organization's browser settings configured to accept cookies only from trusted websites?
Does your organization change passwords regularly and do employees not share personal information with unknown websites or individuals?

Source: Cybernews.com

Published by RiskStudio

Mar 7, 2023