According to former FBI digital crime expert Trevor Hilligoss (via CyberNews), who currently serves as the VP of SpyCloud Labs, cookie theft is actually the biggest threat to cybersecurity. Most people tend to focus on things like their passwords, but in spite of the fact that this is the case, it turns out that cookie theft is far more concerning due to how it can bypass various protections that have been put in place.
The most significant situation in which cookie theft can cause a wide array of problems is if it ends up compromising your Google account. Such an event can be catastrophic because of the fact that this is the sort of thing that could potentially end up compromising every single other account that is linked to your Google account, including social media profiles and the like.
The OAuth2 authorization exploit has already given malicious actors the ability to secretly access Google accounts without the owner even realizing what’s going on in the first place. Google accounts can be extremely attractive propositions for them, since they also tend to contain financial information and other highly sensitive data that can cause an incalculable amount of harm.
Authentication cookies can make MFA far less effective, and it’s basically making the most effective strategy to keep hackers at bay practically defenseless. Infostealers have been stealing cookies for quite a long time, and with Malware as a Service quickly picking up steam, hackers don’t even really need all that much technical knowledge in order to implement their schemes.
Since browser cookies are stored in local databases, they’ve become a prime target for these malicious actors which is why it’s so important for any and all holes to be patched.
Malware can basically work similarly to a browser in that it can check for stored cookies that allow for easier log ins. The desired log in tokens will be combined with other system data such as RAM amount and CPU information which obscures it, with the files sent out to the user’s device and then received by the malicious actor in question.
- Use different passwords for your all online accounts. Try this free password generator tool
Another useful strategy that you can deploy is to avoid clicking on ads. A great deal of malware is transferred through scam ads, so Hilligoss recommends that you just steer clear of ads as much as you can.
Image: DIW-AIGen
Read next: Nearly Half of American TikTok Users Never Post Videos, per Pew Research Center
by Zia Muhammad via Digital Information World
No comments:
Post a Comment