
Cybercriminals Are Stealing Cookies to Bypass Multifactor Authentication

Arcadian

This is a must-read because some of us kinda use these remember-me cookies. I know I do.


If a cybercriminal obtains the Remember-Me cookie from a user’s recent login to their web email, they can use that cookie to sign-in as the user without needing their username, password, or multifactor authentication (MFA). For these reasons, cybercriminals are increasingly focused on stealing Remember-Me cookies and using them as their preferred way of accessing a victim’s email. Victims unknowingly provide their cookies to cybercriminals when they visit suspicious websites or click on phishing links that download malicious software onto their computer.
 
The only place I sign in from is my home computer, an Apple iMac.
The puter comes with Apple system software that includes a password feature. You enter the info once, then every time you go to the screen of any website requiring you to sign in, it, with one click, enters that info for you.

Is this a cookie?
I really doubt it because I often delete ALL of my cookies yet when I go to PS the feature still works.
Also, I've never downloaded a single app onto my phone or my computer.

Maybe I'll call Apple and ask them if this alert applies to us privacy-nut appleheads.
 
This attack is as old as internet cookies, and predates the internet because it's similar to stealing a badge.
Flash a badge, get in; show a "cookie", get in. If someone else gets hold of it, unless something else is used to back up the cookie/badge, then there is a problem.

If you go to a site and it shows you as logged in and you didn't use your username/password on that visit, it's potentially vulnerable to this attack.

If you type username/password or your browser enters it, you're good from many forms of this attack.
Having your browser save and enter your password is a risk but they are pretty robust these days so that's another post.

However, even if the site does not ask for your login each time you visit, they can still be resistant to this attack.
The site can use your IP address and browser fingerprint as well as the cookie, and if one does not match they require your username/password.
Many cell phones will get a different IP address a lot, so that has made sites back off on the security features, so a very old attack is back again.
Using a VPN is actually increasing your risk of a stolen cookie being able to be used, because a lot of people can have the same IP address. Some ISPs also have many users using the same internet-facing IP address (CGNAT); this is more common on cell phones.
 
A cookie is a small amount of text a website is allowed to save on your device through the browser and then read back on request.
When you sign in, the website says to your browser "store this"... then later the site asks to read the data the browser previously stored.
 
Example of actual cookie data from a random site:
989615a8-ff50-33bf-b622-5ff8b86618c6:1731372932.8476084
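
The server-side check described in the reply above (cookie plus IP address and browser fingerprint, with a fall back to username/password on any mismatch), as an added example that is not part of the thread or any site's real code. The function names, the header-based fingerprint and the /24 and /64 tolerance for changing addresses are assumptions made for illustration; the addresses are constructed sample values.

```python
# Added example: bind a remember-me cookie to the client's network and browser fingerprint.
import hashlib
import hmac
import ipaddress
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
SESSIONS = {}                         # token -> binding record (in-memory stand-in for a session store)

def _fingerprint(user_agent: str, accept_language: str) -> str:
    """Keyed hash of a simple header-based fingerprint (assumed inputs)."""
    msg = f"{user_agent}\n{accept_language}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def _network(ip: str, v4_prefix: int = 24, v6_prefix: int = 64) -> str:
    """Reduce an address to its network so small IP changes (mobile clients) are tolerated."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def issue_cookie(user, ip, user_agent, accept_language):
    """Called after a full username/password (and MFA) login."""
    token = secrets.token_urlsafe(32)  # random, unguessable cookie value
    SESSIONS[token] = {
        "user": user,
        "net": _network(ip),
        "fp": _fingerprint(user_agent, accept_language),
    }
    return token

def check_cookie(token, ip, user_agent, accept_language):
    """Return (user, 'ok') or (None, reason); any mismatch revokes the cookie
    so the next request has to go through a full login again."""
    rec = SESSIONS.get(token)
    if rec is None:
        return None, "unknown-cookie"
    if not hmac.compare_digest(rec["fp"], _fingerprint(user_agent, accept_language)):
        SESSIONS.pop(token, None)
        return None, "fingerprint-mismatch"
    if rec["net"] != _network(ip):
        SESSIONS.pop(token, None)
        return None, "ip-mismatch"
    return rec["user"], "ok"
```

A request that arrives from the same network with the same headers still passes this check, which is the shared-address (VPN, CGNAT) limitation the reply points out.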
 