MFA enhances the security of email accounts by requiring users to provide additional verification beyond just their password.
Implementing MFA reduces the risk of unauthorized access which makes it a critical security measure for protecting sensitive information in email accounts.
Cybersecurity researchers at Malwarebytes uncovered that hackers can hack MFA-enabled email accounts by stealing cookies.
Threat actors have started stealing session cookies in order to evade multi-factor authentication (MFA).
When you log into any website, the server creates a unique session ID, which is saved in your browser as a cookie-labeled session or a cookie that remembers you.
This cookie’s lifetime is usually 30 days, and it acts as a log-in beacon, helping you log in without a hassle.
Challenges that MDR can help you resolve -> Get a Free Guide
But in the case where a threat actor steals this specific login session cookie, they can use it to grant themselves access to the account, even when MFA is in place, reads the report.
This is because the stolen cookie contains the valid session information, which allows the attacker to bypass the additional authentication step required by MFA.
In the most recent event, the FBI declared that users’ accounts were seriously threatened by actors who exploited this vulnerability.
When a threat actor gains unauthorized access to an email account, the criminal discovers a treasure trove of sensitive information, including credit card numbers and addresses used in online stores.
Such data may be used as source data or even to carry out an identity theft or “Person in the Middle” attack.
Moreover, the email account used for hacking may be used to send spam and phishing emails to the contacts that are stored in the address book of the email account.
One important technique is hacking session cookies and other data. Session cookies are small pieces of data that web browsers store to maintain a user’s login state across different pages or sessions.
In the case of an attack and DDoS, if a hacker takes away a session cookie, the hacker can install applications on another account, which allows quick access to the email account without the need for the actual account credentials.
Session cookies, on the other hand, can be breached in multiple ways, including MitM attacks on weak networks or malware infections targeting the user’s device, which can steal session data.
Even though session cookies can be taken from the user’s device or from a network in some cases, this is usually done with the help of information-stealing malware, which is a more sophisticated version that has the exclusive purpose of penetrating and stealing session cookies and other important data from the infected device.
Once threat actors have obtained these session cookies, they can use the victim’s email account as if their actual login and password are not needed.
Recommendations
Here below we have mentioned all the recommendations:-
- Install security software on all devices.
- Keep devices and software updated.
- Use “Remember me” options cautiously.
- Log out or delete cookies after use.
- Only visit HTTPS-secured sites.
- Regularly review login history for key accounts.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!