https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
It’s articles like these that reminds me that we need to take a holistic approach to security as attackers only need to find ONE way to compromise your account.
Researchers at this year’s Black Hat in Middle East and Africa demonstrated how they can purchase a stolen cookie for $10 to bypass your Multi Factor Authentication and Single Sign-On.
MFA has gained adoption among organizations as a way of improving security over passwords alone, but the increasing theft of browser cookies undermines that security. Cookie Hijacking has become one of the most common ways that attackers circumvent MFA.
The way to prevent attackers from bypassing MFA is to have additional security controls to detect the theft of cookies, such as using software and browser plugins that have been security assessed, and adopting endpoint security controls.
This segment was created for the It’s 5:05 podcast