Attackers can Bypass MFA by Exploiting Authentication Cookie

Multi-factor authentication is an important security measure for users and organizations. However, it is not enough, as attackers can manipulate and bypass it via the cookie authentication available on websites.

According to a recent release from Sophos, “Cookies associated with authentication to web services can be used by attackers in ‘pass the cookie’ attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to web services without a login challenge.”

Attackers steal cookies via malware that sends exact copies of session cookies to the attacker. In addition, multiple stolen credentials now allow the ability to steal cookies.

Like any other malware, users’ computers can be infected with cookie malware. According to Sophos researchers, attackers use paid download services and other non-targeted approaches to collect as many cookies as possible.

Some of the strategies used include storing the malware in large ISOs or ZIP archives when it is advertised on websites, offering it via peer-to-peer networks and distributing it via emails.

Users can protect themselves against this type of attack by enforcing encryption, if possible, strict computer security hygiene and security solutions to detect malware.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web