Caute_cautim
Community Champion

Cookies under attack by hackers especially against 2FA

Hi All

 

It appears that hackers have found a way to get around 2FA systems, through the use of Cookies in particular environments.

 

https://www-digitaltrends-com.cdn.ampproject.org/c/s/www.digitaltrends.com/computing/hackers-are-usi...

 

Here is the Sophos reference link: 

 

https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypass/

 

Is it viable or true?

 

Regards

 

Caute_Cautim

3 Replies
wimremes
Contributor III

As always, the answer is "it depends".

 

Cookies could be stolen and reused, but not always.

The reuse of Cookies might side-step MFA, but not always.

 

Framing it as all cookies can be stolen, reused, and in those cases MFA can always be side-stepped is completely wrong.

 

I'll come back to this when and if I have time to elaborate but for well-known services like O365, Google, AWS, etc. I'd say the claim is false. Most likely the examples relate to cookies for legacy systems that don't use current ways of authenticating users and provide pathways to MFA circumvention by default. 



Sic semper tyrannis.
denbesten
Community Champion

Is this not just "session hijacking", for which the defenses have been known for years .... validate the source-IP or client-cert at the start of each connection within the session; be on the lookout for unrelated simultaneous use, limit session length, etc.
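
The defenses listed in the post above (bind the session to the source IP or client certificate, treat use from elsewhere as hijacking, limit session length), sketched as a server-side check. This is an added example, not part of the original post or any vendor's code; the `SessionStore` class, the timeout values and the sample addresses are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60          # assumed: 15 minutes without a request
ABSOLUTE_LIFETIME = 8 * 3600    # assumed: 8 hours regardless of activity

@dataclass
class Session:
    user: str
    ip: str                     # source IP seen at login
    cert_fp: Optional[str]      # client-cert fingerprint (hex), if one was presented
    created: float
    last_seen: float

class SessionStore:
    """Hypothetical in-memory store; the cookie carries only the random id."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, ip, cert_fp, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, ip, cert_fp, now, now)
        return sid

    def validate(self, sid, ip, cert_fp, now):
        """Return (ok, reason). Any failure revokes the session, so a replayed
        cookie forces a fresh login, including the second factor."""
        s = self._sessions.get(sid)
        if s is None:
            return False, "unknown"
        if now - s.created > ABSOLUTE_LIFETIME:
            reason = "expired"
        elif now - s.last_seen > IDLE_TIMEOUT:
            reason = "idle"
        elif s.cert_fp is not None:
            # Certificate binding is the stronger check; the IP may then roam.
            if hmac.compare_digest(s.cert_fp, cert_fp or ""):
                s.last_seen = now
                return True, "ok"
            reason = "cert-mismatch"
        elif ip != s.ip:
            # Same cookie from another address while the session is live:
            # the "unrelated simultaneous use" case. Mobile or NAT-pool
            # clients change address legitimately and will be logged out.
            reason = "ip-mismatch"
        else:
            s.last_seen = now
            return True, "ok"
        del self._sessions[sid]
        return False, reason
```

The returned reason is the value to log and alert on: a run of `ip-mismatch` or `cert-mismatch` revocations for one account is the signal that its cookie is being replayed.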

wimremes
Contributor III


@denbesten wrote:

Is this not just "session hijacking", for which the defenses have been known for years .... validate the source-IP or client-cert at the start of each connection within the session; be on the lookout for unrelated simultaneous use, limit session length, etc.


yes 🙂 but not if you're Sophos and you need to scare part-time IT people at SMBs into forking over money for the illusion of protection.



Sic semper tyrannis.