Former FBI Expert Warns of Cookie Theft Emerging as Major Cybersecurity Threat, Surpassing Password Concerns with its Ability to Bypass Protections

The manner in which cyber security functions in this modern day and age has experienced a bit of a backslide, which basically means that your password length and complexity can’t really protect you from vicious actors anymore. Even two factor authentication might not be enough with all things having been considered and taken into account, since malware can bypass it all and create a situation wherein your session tokens or cookies can end up in the wrong hands.

According to former FBI digital crime expert Trevor Hilligoss (via CyberNews), who currently serves as the VP of SpyCloud Labs, cookie theft is actually the biggest threat to cybersecurity. Most people tend to focus on things like their passwords, but in spite of the fact that this is the case, it turns out that cookie theft is far more concerning due to how it can bypass various protections that have been put in place.

The most significant situation in which cookie theft can cause a wide array of problems is if it ends up compromising your Google account. Such an event can be catastrophic because of the fact that this is the sort of thing that could potentially end up compromising every single other account that is linked to your Google account, including social media profiles and the like.

The OAuth2 authorization exploit has already given malicious actors the ability to secretly access Google accounts without the owner even realizing what’s going on in the first place. Google accounts can be extremely attractive propositions for them, since they also tend to contain financial information and other highly sensitive data that can cause an incalculable amount of harm.
Authentication cookies can make MFA far less effective, and it’s basically making the most effective strategy to keep hackers at bay practically defenseless. Infostealers have been stealing cookies for quite a long time, and with Malware as a Service quickly picking up steam, hackers don’t even really need all that much technical knowledge in order to implement their schemes.

Since browser cookies are stored in local databases, they’ve become a prime target for these malicious actors which is why it’s so important for any and all holes to be patched.

Malware can basically work similarly to a browser in that it can check for stored cookies that allow for easier log ins. The desired log in tokens will be combined with other system data such as RAM amount and CPU information which obscures it, with the files sent out to the user’s device and then received by the malicious actor in question.
There are hundreds of thousands of infostealer infections occurring on a day to day basis, and they mostly target people living in developed countries due to the higher value of their data. In order to protect yourself from these attacks, it is absolutely essential that you download an antivirus and continuously update it, and on top of all that, you need to have top notch endpoint monitoring at all times.

Another useful strategy that you can deploy is to avoid clicking on ads. A great deal of malware is transferred through scam ads, so Hilligoss recommends that you just steer clear of ads as much as you can.

Cookie theft poses significant risks, especially if it compromises Google accounts, potentially leading to widespread data breaches across linked platforms.
Image: DIW-AIGen

Read next: Nearly Half of American TikTok Users Never Post Videos, per Pew Research Center
Previous Post Next Post