Sophos Show How Attackers Exploit Stolen Session Cookies to Bypass Multi Factor Authentication
With Stolen Session Cookies, Attackers can Impersonate Legitimate Users and Move Freely Around the Network, says Sophos
Sophos, a global leader in next-generation cybersecurity, today announced in the Sophos X-Ops report, “Cookie stealing: the new perimeter bypass,” that active adversaries are increasingly exploiting stolen session cookies to bypass Multi-Factor Authentication (MFA) and gain access to corporate resources.
- Sophos is seeing a growing number of attackers—including active adversaries—using stolen session, or authentication, cookies to bypass MFA and access corporate resources
- These stolen cookies allow attackers to impersonate legitimate users and move freely around a network. Once inside, there is really no limit to what they can do; they can tamper with cloud infrastructures, compromise business email, or even rewrite code for products
- While bulk credential theft (including bulk cookie theft) is still common, Sophos is witnessing a growing number of targeted attacks to steal cookies from specific types of organizations
- One common underground marketplace for these stolen cookies is Genesis
- Sophos presents this as an overall trend observed in the field and in its own telemetry, rather than as a theoretical risk or an isolated incident involving stolen session cookies
In some cases, the cookie theft itself is a highly targeted attack, with adversaries scraping cookie data from compromised systems within a network and using legitimate executables to disguise the malicious activity.
Once the attackers obtain access to corporate web-based and cloud resources using the cookies, they can use them for further exploitation such as business email compromise, social engineering to gain additional system access, and even modification of data or source code repositories.
“Over the past year, we’ve seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens,” said Sean Gallagher, principal threat researcher, Sophos. “If attackers have session cookies, they can move freely around a network, impersonating legitimate users.”
Session, or authentication, cookies are a particular type of cookie that a web browser stores once a user has logged into a web resource: the server issues the cookie as proof that authentication has already taken place, and the browser sends it with every subsequent request. If attackers obtain such a cookie, they can conduct a “pass-the-cookie” attack, injecting the stolen value into a browser session of their own. The web application checks only that the cookie is valid, so it treats the attacker’s session as the legitimate user’s and never asks for credentials.
MFA is enforced during the login flow, and the session cookie is issued only after the second factor has been verified. Because every later request is authorized by the cookie alone, replaying a stolen cookie skips the login flow entirely, including the MFA step; the second factor is never checked again.
Compounding the issue, many legitimate web applications issue long-lived cookies that rarely or never expire, and others invalidate a cookie only when the user explicitly logs out of the service. A stolen cookie therefore remains usable for as long as the server keeps honoring it.
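The following Python script is an added illustration, not code from the Sophos report or from any product it describes. It models a web service’s session store with constructed credentials: a naive store that checks a password and a one-time code once at login and then honors the resulting cookie indefinitely, beside a hardened store with an absolute lifetime, an idle timeout and server-side revocation on logout. The user, password, one-time code and timeout values are all assumptions chosen for the demo.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed demo account (not from the Sophos report): a password plus a
# one-time code standing in for the MFA factor.
USERS = {"alice": {"password": "correct horse battery", "totp": "492817"}}


@dataclass
class Session:
    user: str
    issued_at: float   # seconds since epoch; passed in explicitly so the demo is deterministic
    last_seen: float


class NaiveSessionStore:
    """The pattern the article describes: credentials and MFA are verified once
    at login, the resulting cookie never expires server-side, and logout only
    clears the browser's copy."""

    def __init__(self):
        self.sessions = {}

    def login(self, user, password, totp, now):
        creds = USERS.get(user)
        if creds is None:
            return None
        if not hmac.compare_digest(creds["password"], password):
            return None
        if not hmac.compare_digest(creds["totp"], totp):  # the MFA check lives here, and only here
            return None
        cookie = secrets.token_urlsafe(32)  # the value an infostealer would later copy from disk
        self.sessions[cookie] = Session(user, now, now)
        return cookie

    def resolve(self, cookie, now):
        # Every later request is authorized by the cookie alone: whoever
        # presents it is treated as the user, and MFA is never re-checked.
        s = self.sessions.get(cookie)
        if s is None:
            return None
        s.last_seen = now
        return s.user

    def logout(self, cookie):
        # Browser-side deletion only; the server still honors any copy.
        return None


class HardenedSessionStore(NaiveSessionStore):
    """Same login flow. The difference is what the server does afterwards:
    an absolute lifetime, an idle timeout, and real server-side revocation."""

    def __init__(self, absolute_lifetime, idle_timeout):
        super().__init__()
        self.absolute_lifetime = absolute_lifetime
        self.idle_timeout = idle_timeout

    def resolve(self, cookie, now):
        s = self.sessions.get(cookie)
        if s is None:
            return None
        expired = (now - s.issued_at > self.absolute_lifetime
                   or now - s.last_seen > self.idle_timeout)
        if expired:
            del self.sessions[cookie]  # forces a new login, which means a new MFA prompt
            return None
        s.last_seen = now
        return s.user

    def logout(self, cookie):
        self.sessions.pop(cookie, None)  # a copy stolen earlier dies with it


def demo():
    """Replays a stolen cookie against both stores and reports what happened."""
    t0 = 1_700_000_000.0
    pw, otp = "correct horse battery", "492817"

    naive = NaiveSessionStore()
    victim_cookie = naive.login("alice", pw, otp, t0)
    naive.logout(victim_cookie)
    # Infostealer exfiltrated the cookie; the buyer replays it a month later.
    naive_replay = naive.resolve(victim_cookie, t0 + 30 * 86400)

    hardened = HardenedSessionStore(absolute_lifetime=12 * 3600, idle_timeout=30 * 60)
    c1 = hardened.login("alice", pw, otp, t0)
    prompt_replay = hardened.resolve(c1, t0 + 60)            # stolen and used within a minute
    idle_replay = hardened.resolve(c1, t0 + 60 + 2 * 3600)   # two idle hours later
    c2 = hardened.login("alice", pw, otp, t0)
    hardened.logout(c2)
    logout_replay = hardened.resolve(c2, t0 + 10)

    return {
        "wrong_otp_rejected": naive.login("alice", pw, "000000", t0) is None,
        "naive_replay_after_logout": naive_replay,
        "hardened_replay_within_minute": prompt_replay,
        "hardened_replay_after_idle": idle_replay,
        "hardened_replay_after_logout": logout_replay,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running it shows the asymmetry Gallagher describes below: the naive store accepts the stolen cookie a month after the victim logged out, while even the hardened store accepts it when it is replayed within the lifetime window. Shorter lifetimes and idle timeouts only narrow that window, at the cost of more frequent re-authentication, which is why detecting the theft itself still matters.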
Thanks to the malware-as-a-service industry, it’s getting easier for entry-level attackers to get involved in credential theft. For example, all they need to do is buy a copy of an information-stealing Trojan like Raccoon Stealer to collect data like passwords and cookies in bulk and then sell them on criminal marketplaces, including Genesis.
Other criminals on the attack chain, such as ransomware operators, can then buy this data and sift through it to leverage anything they deem useful for their attacks.
By contrast, in two recent incidents that Sophos investigated, attackers took a more targeted approach. In one case, the attackers spent months inside a target’s network gathering cookies from the Microsoft Edge browser.
The initial compromise occurred via an exploit kit, and then the attackers used a combination of Cobalt Strike and Meterpreter activity to abuse a legitimate compiler tool to scrape access tokens. In another case, the attackers used a legitimate Microsoft Visual Studio component to drop a malicious payload that scraped cookie files for a week.
“While historically we’ve seen bulk cookie theft, attackers are now taking a targeted and precise approach to cookie stealing. Because so much of the workplace has become web-based, there really is no end to the types of malicious activity attackers can carry out with stolen session cookies. They can tamper with cloud infrastructures, compromise business email, and convince other employees to download malware or even rewrite code for products. The only limitation is their own creativity,” said Gallagher. “Complicating matters is that there is no easy fix. For example, services can shorten the lifespan of cookies, but that means users must re-authenticate more often, and, as attackers turn to legitimate applications to scrape cookies, companies need to combine malware detection with behavioral analysis.”
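As an added example of the behavioral analysis Gallagher mentions, and not code from Sophos or its report, the Python below flags file-access events in which a process other than the owning browser opens a browser’s cookie database. The telemetry is constructed for the example, the process name build-helper.exe is hypothetical, and the event format (process image, action, path) is an assumption; the cookie store paths for Edge, Chrome and Firefox on Windows are the browsers’ real default locations.

```python
import re
from collections import defaultdict

# Constructed file-access events (process image, action, path). These are
# invented for this example, not Sophos telemetry; "build-helper.exe" is a
# hypothetical name standing in for whatever legitimate tool was abused.
EVENTS = [
    ("msedge.exe", "read", r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"),
    ("chrome.exe", "read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Cookies"),
    ("build-helper.exe", "read", r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"),
    ("build-helper.exe", "read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Cookies"),
    ("powershell.exe", "read", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9q1zt.default-release\cookies.sqlite"),
    ("firefox.exe", "write", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9q1zt.default-release\cookies.sqlite"),
    ("explorer.exe", "read", r"C:\Users\alice\Documents\cookies.txt"),  # not a browser store
]

# Browser cookie databases (default Windows locations) and the one process
# image expected to open each of them.
COOKIE_STORES = [
    (re.compile(r"\\Microsoft\\Edge\\User Data\\[^\\]+\\(?:Network\\)?Cookies(?:-journal)?$", re.I), "msedge.exe"),
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\(?:Network\\)?Cookies(?:-journal)?$", re.I), "chrome.exe"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite(?:-wal)?$", re.I), "firefox.exe"),
]


def cookie_store_owner(path):
    """Return the browser image that owns this cookie database, or None if the
    path is not a known cookie store."""
    for pattern, owner in COOKIE_STORES:
        if pattern.search(path):
            return owner
    return None


def flag_event(event):
    """A cookie-store access by anything other than the owning browser."""
    proc, action, path = event
    owner = cookie_store_owner(path)
    if owner is None or proc.lower() == owner:
        return None
    return {"process": proc, "action": action, "path": path, "browser": owner}


def detect(events):
    """Per-process summary: which browsers' cookie stores each non-browser
    process touched. One process reaching into several browsers' stores is
    the stronger signal."""
    hits = defaultdict(set)
    for event in events:
        alert = flag_event(event)
        if alert:
            hits[alert["process"]].add(alert["browser"])
    return {proc: sorted(browsers) for proc, browsers in hits.items()}


if __name__ == "__main__":
    for proc, browsers in detect(EVENTS).items():
        print(f"{proc} read cookie stores of: {', '.join(browsers)}")
```

An allowlist keyed on the image name alone is a weak gate: an attacker who renames a binary to msedge.exe or injects into the real browser process slips past it, so in production pair the rule with the image’s signer and path and with process lineage (which parent spawned it). A single process touching the cookie stores of several browsers, as build-helper.exe does in the sample, is the higher-confidence signal.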
To learn more about session cookie theft and how adversaries are exploiting the technique to carry out malicious activity, read the full report, “Cookie Stealing: the new perimeter bypass,” on Sophos.com.
Hyperspace Technologies Launches Keymaster VAULT; A Low-Cost, NFC-Based Hardware Wallet for African Market
By SANDRA ANI
Hyperspace Technologies, a Lagos-based Web3 startup specializing in next-level smart security infrastructure and key management systems, has announced the launch of its groundbreaking product, the Keymaster VAULT.
Designed to cater to the African market, Keymaster VAULT is a secure, NFC-based hardware wallet that stores private keys offline, offering an affordable and user-friendly alternative to expensive and complicated traditional hardware wallets.
Leveraging the simplicity of Near Field Communication (NFC) technology, the Keymaster VAULT allows users to securely access their digital assets by merely tapping their NFC-enabled devices.
This eliminates complex installation processes, making the wallet an ideal choice for both cryptocurrency novices and experienced users. With offline storage of private keys, the wallet significantly reduces the risk of hacks and malware attacks associated with online storage.
“We wanted to create a wallet that combines the highest level of security with ease of use, making cryptocurrency storage accessible to a broader audience in Africa,” said Chidera Anyanebechi, General Manager of Hyperspace Technologies.
“The Keymaster VAULT not only provides an affordable solution but also offers enterprise clients the ability to leverage blockchain-based identity and access management, which we believe will be a game-changer in the industry”, Anyanebechi explained.
The Keymaster VAULT’s advanced encryption technology ensures the utmost security for users’ digital assets. Its compact design and portability make it a convenient choice for individuals and businesses looking to store their digital assets securely without breaking the bank or dealing with complicated setups.
“The African market has long been underserved when it comes to secure and affordable hardware wallet solutions,” added Anyanebechi. “We are excited to bring the Keymaster VAULT to our customers and empower them with a hardware wallet that not only protects their digital assets but also opens doors for innovative applications in blockchain-based identity and access management.”
The Keymaster VAULT is now available for purchase at https://keymaster.ng, giving cryptocurrency enthusiasts and enterprise clients across Africa a secure, affordable, and user-friendly hardware wallet solution.
Meta to lay off Additional 10,000 staff soon
Facebook parent company Meta has confirmed it will cut 10,000 jobs in the coming months, after 11,000 layoffs in November 2022.
The Chief Executive Officer of Meta, Mark Zuckerberg, announced this via his Facebook page on Tuesday, sharing the internal memo he sent employees.
Here is what he wrote,
“I just shared this update on our Year of Efficiency with Meta employees…
Meta is building the future of human connection, and today I want to share some updates on our Year of Efficiency that will help us do that. The goals of this work are: (1) to make us a better technology company and (2) to improve our financial performance in a difficult environment so we can execute our long term vision.
Our efficiency work has several parallel workstreams to improve organizational efficiency, dramatically increase developer productivity and tooling, optimize distributed work, garbage collect unnecessary processes, and more. I’ve tried to be open about all the work that’s underway, and while I know many of you are energized by this, I also recognize that the idea of upcoming org changes creates uncertainty and stress. My hope is to make these org changes as soon as possible in the year so we can get past this period of uncertainty and focus on the critical work ahead.
Here’s the timeline you should expect: over the next couple of months, org leaders will announce restructuring plans focused on flattening our orgs, canceling lower priority projects, and reducing our hiring rates. With less hiring, I’ve made the difficult decision to further reduce the size of our recruiting team. We will let recruiting team members know tomorrow whether they’re impacted.
We expect to announce restructurings and layoffs in our tech groups in late April, and then our business groups in late May. In a small number of cases, it may take through the end of the year to complete these changes. Our timelines for international teams will also look different, and local leaders will follow up with more details.
Overall, we expect to reduce our team size by around 10,000 people and to close around 5,000 additional open roles that we haven’t yet hired. This will be tough and there’s no way around that. It will mean saying goodbye to talented and passionate colleagues who have been part of our success. They’ve dedicated themselves to our mission and I’m personally grateful for all their efforts. We will support people in the same ways we have before and treat everyone with the gratitude they deserve.
After restructuring, we plan to lift hiring and transfer freezes in each group. Other relevant efficiency timelines include targeting this summer to complete our analysis from our hybrid work year of learning so we can further refine our distributed work model. We also aim to have a steady stream of developer productivity enhancements and process improvements throughout the year. As I’ve talked about efficiency this year, I’ve said that part of our work will involve removing jobs — and that will be in service of both building a leaner, more technical company and improving our business performance to enable our long term vision. I understand that this update may still feel surprising, so I’d like to lay out some broader context on our vision, our culture, and our operating philosophy.
Building a Better Technology Company

Every day Meta builds new ways for people to feel closer. This is a fundamental human need that may be more important in today’s complex world than ever. One day we hope to enable every person to feel as strong a sense of connection as you feel when you’re physically with someone you love.

We do leading work across a wide range of advanced technologies and then distill that into inspiring products that improve people’s lives. We do this with AI to help you creatively express yourself and discover new content, with the metaverse to deliver a realistic sense of presence, with new media formats to create richer experiences, with encryption to let you communicate privately in more and more ways, and with business tools to help reach customers, create opportunity and grow the economy.

Simply put: if you want to invent the future or apply the best ideas to reach people at the greatest scale, then Meta is the best place to do that.

With that in mind, here are some of the cultural principles that are guiding our efficiency work towards making Meta an even stronger technology company:

Flatter is Faster

It’s well-understood that every layer of a hierarchy adds latency and risk aversion in information flow and decision-making. Every manager typically reviews work and polishes off some rough edges before sending it further up the chain.

In our Year of Efficiency, we will make our organization flatter by removing multiple layers of management. As part of this, we will ask many managers to become individual contributors. We’ll also have individual contributors report into almost every level — not just the bottom — so information flow between people doing the work and management will be faster. Of course, there are tradeoffs. We still believe managing each person is very important, so in general we don’t want managers to have more than 10 direct reports. Today many of our managers have only a few direct reports. That made sense to optimize for ramping up new managers and maintaining buffer capacity when we were growing our organization faster, but now that we don’t expect to grow headcount as quickly, it makes more sense to fully utilize each manager’s capacity and defragment layers as much as possible.

Leaner is Better

Since we reduced our workforce last year, one surprising result is that many things have gone faster. In retrospect, I underestimated the indirect costs of lower priority projects.
It’s tempting to think that a project is net positive as long as it generates more value than its direct costs. But that project needs a leader, so maybe we take someone great from another team or maybe we take a great engineer and put them into a management role, which both diffuses talent and creates more management layers. That project team needs space, and maybe it tips its overall product group into splitting across multiple floors or multiple time zones, which now makes communication harder for everyone. That project team needs laptops and HR benefits and may want to recruit more engineers, so that leads us to hire even more IT, HR and recruiting people, and now those orgs grow and become less efficient and responsive to higher priority teams as well. Maybe the project has overlap with work on another team or maybe it built a bespoke technical system when it should have used general infrastructure we’d already built, so now it will take leadership focus to deduplicate that effort.
Indirect costs compound and it’s easy to underestimate them. A leaner org will execute its highest priorities faster. People will be more productive, and their work will be more fun and fulfilling. We will become an even greater magnet for the most talented people. That’s why in our Year of Efficiency, we are focused on canceling projects that are duplicative or lower priority and making every organization as lean as possible.

Keep technology the main thing

We are a technology company, and our ultimate output is what we build for people. Everything else we do is in service of that.

As we’ve grown, we’ve hired many leading experts in areas outside engineering. This helps us build better products, but with many new teams it takes intentional focus to make sure our company remains primarily technologists.

As we add different groups, our product teams naturally hire more roles to handle all the interactions with those other groups. If we only rebalanced the product teams towards engineering, those leaner product teams would be overwhelmed by the volume of interactions from other groups.
As part of the Year of Efficiency, we’re focusing on returning to a more optimal ratio of engineers to other roles. It’s important for all groups to get leaner and more efficient to enable our technology groups to get as lean and efficient as possible. We will make sure we continue to meet all our critical and legal obligations as we find ways to operate more efficiently.
Invest in tools to get more efficient

We’re focused on the long term. That means investing in tools that will make us most effective over many years, not just this year — whether that’s building AI tools to help engineers write better code faster, enabling us to automate workloads over time, or identifying obsolete processes that we can phase out.

Our developer tooling work is underway and seeing good results. For example, Buck2 is our new open source build system that compiles builds around 50% faster so engineers can spend more time iterating and less time waiting. Our analysis found that engineers whose builds were sped up by Buck2 often produced meaningfully more code.

In-person time helps build relationships and get more done

We’re committed to distributed work. That means we’re also committed to continuously refining our model to make this work as effectively as possible.

Our early analysis of performance data suggests that engineers who either joined Meta in-person and then transferred to remote or remained in-person performed better on average than people who joined remotely. This analysis also shows that engineers earlier in their career perform better on average when they work in-person with teammates at least three days a week. This requires further study, but our hypothesis is that it is still easier to build trust in person and that those relationships help us work more effectively. As part of our Year of Efficiency, we’re focusing on understanding this further and finding ways to make sure people build the necessary connections to work effectively.

In the meantime, I encourage all of you to find more opportunities to work with your colleagues in person.

Improving Business Performance in a Difficult Economic Environment

In addition to helping us build a better technology company, our other goal for the Year of Efficiency is to improve our business performance given the new economic reality. Profitability enables innovation. Operating our business more efficiently will give us the resources and confidence to achieve our long term vision by delivering sustainable financial results that make us an attractive company to work at and invest in. When I wrote my first letter to investors during our IPO, I described a basic principle that is still true today: “we don’t build services to make money; we make money to build better services.”

For most of our history, we saw rapid revenue growth year after year and had the resources to invest in many new products. But last year was a humbling wake-up call. The world economy changed, competitive pressures grew, and our growth slowed considerably. We scaled back budgets, shrunk our real estate footprint, and made the difficult decision to lay off 13% of our workforce. At this point, I think we should prepare ourselves for the possibility that this new economic reality will continue for many years. Higher interest rates lead to the economy running leaner, more geopolitical instability leads to more volatility, and increased regulation leads to slower growth and increased costs of innovation. Given this outlook, we’ll need to operate more efficiently than our previous headcount reduction to ensure success.

In the face of this new reality, most companies will scale back their long term vision and investments. But we have the opportunity to be bolder and make decisions that other companies can’t. So we put together a financial plan that enables us to invest heavily in the future while also delivering sustainable results as long as we run every team more efficiently.

The changes we’re making will enable us to meet this financial plan. I believe that we are working on some of the most transformative technology our industry has ever seen. Our single largest investment is in advancing AI and building it into every one of our products. We have the infrastructure to do this at unprecedented scale and I think the experiences it enables will be amazing. Our leading work building the metaverse and shaping the next generation of computing platforms also remains central to defining the future of social connection. And our apps are growing and continuing to connect almost half of the world’s population in new ways. This work is incredibly important and the stakes are high. The financial plan we’ve set out puts us in position to deliver it.

Looking Ahead

I recognize that sharing plans for restructuring and layoffs months in advance creates a challenging period. But last fall, we heard feedback that you wanted more transparency sooner into any restructuring plans, so that’s what I’m trying to provide here.

I hope that giving you a timeline and principles for what to expect will help us get through the next couple of months and then move forward as we implement these changes that I believe will have a very positive impact on how we work.

In terms of how we should operate during this period, I encourage each of you to focus on what you can control. That is, do great work and support your teammates. Our community is extremely resilient. Change is never easy, but I know we’ll get through this and come out an even stronger company that can build better products faster and enable you to do the best work of your careers.
Sophos Endpoint Security Advancements Improve Cyberthreat Defenses and Streamline Management
Sandra Ani reporting
- Introduces Adaptive Active Adversary Protection, Linux Malware Protection Enhancements, Account Health Check Capabilities, Integrated ZTNA Agent, and More
Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced innovative advancements to its portfolio of industry-leading endpoint security offerings.
New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and more improve frontline defenses against advanced cyberthreats and streamline endpoint security management.
“Ransomware remains one of the most prevalent and damaging cyberthreats to organizations, with Sophos incident responders still consistently remediating ransomware activity worldwide. Now isn’t the time for organizations to let their guard down because of any perceived reduction in attacks; in fact, they should be strengthening defenses as attacks are now more intricate and difficult to detect, requiring advanced security techniques that can sense and then quickly adapt to better protect themselves,” said Raja Patel, senior vice president of products at Sophos. “Sophos endpoint security is widely recognized as the industry gold standard, and we’re consistently innovating our market-leading, intelligent endpoint technologies to keep organizations ahead of unrelenting attackers.”
Designed to improve protection and operational efficiency, as well as speed up detection and response, the new Sophos endpoint innovations include:
- Adaptive active adversary protection: A core part of Sophos’ “shields up” design methodology that provides defenders with additional time needed to respond to targeted attacks underway. Sophos Intercept X immediately enables heightened defenses as soon as it detects a “hands-on-keyboard” endpoint intrusion. This wide-reaching step up in defensive measures removes an attacker’s ability to take further actions by minimizing the attack surface, disrupting and containing the attack prior to response team engagement, and providing insights needed for complete remediation
- Linux malware protection enhancements: On-access malware scanning and quarantine capabilities improve real-time prevention of security incidents within Linux operating environments. Added to the Sophos Intercept X Advanced for Server offering, these new features complement existing functionality, including live runtime detections and response to container escapes, cryptominers, data destruction, and kernel exploits
- Account health check: Intuitive, real-time health check monitoring of security configurations and policy settings with the ability to automatically return to recommended settings in a single click, optimizing security posture and enabling organizations to promptly re-establish security best practices. Assessments ensure devices are running the necessary security components, policies are following recommended settings, tamper protection is active, exclusions aren’t creating attack surface exposure, and more
- Integrated ZTNA agent for Windows and macOS devices: Sophos Intercept X is one of the only endpoint protection solutions with a modular ZTNA agent, and organizations can now extend defenses to include Sophos ZTNA across entire estates without deploying an additional agent
- Faster, lightweight agent: Reduces the Windows agent’s memory footprint by 40% and the number of processes by more than 30%, accelerating the performance of applications, workloads and devices. Sophos has also introduced a new extended detection and response (XDR) sensor deployment option that’s approximately 80% lighter than the previous full agent
Sophos endpoint solutions provide deep learning malware detection, anti-ransomware technology, exploit prevention, and much more to prevent attackers from gaining a foothold in the first place. Sophos Intercept X, the market-leading endpoint security solution, protects more than 300,000 organizations against both known and unknown malware and exploits.
Sophos XDR gives security analysts the ability to proactively hunt threats, providing faster detection, investigation and response to drive better security outcomes. Sophos endpoint offerings also include server workload protection for unmatched server and container security and integrated web and application controls; Sophos Mobile for secure unified endpoint management; and Sophos Encryption for full disk encryption.
Sophos’ complete and integrated portfolio of endpoint, network and cloud solutions and managed security services are part of the Sophos Adaptive Cybersecurity Ecosystem. They’re powered by threat intelligence from Sophos X-Ops for faster and more contextual and synchronized protection, detection and response.
Sophos endpoint security offerings are available for immediate purchase exclusively through Sophos’ global channel of partners and managed service providers (MSPs). New software management options enable organizations to precisely control which versions of Sophos endpoint software are deployed on specific devices with new fixed term support packages for Windows computers and servers, with macOS and Linux coverage coming later this year. Solutions are easily managed in the cloud-native Sophos Central platform. Partners can also leverage Sophos Managed Detection and Response (MDR) as a comprehensive service to detect and respond to threats. The industry-leading service offering is trusted by more than 15,000 organizations for 24/7 threat hunting, detection and response with industry-first third-party integration capabilities and a $1 million Sophos Breach Protection Warranty.