
4 Strategies to Mitigate Pass-the-Cookie Attacks

5 years ago Tripwire Guest Authors

Another year, another new set of cybersecurity threats to overcome, outwit and mitigate against. At the beginning of 2021, the cybersecurity world was informed by CISA (the USA Cybersecurity and Infrastructure Security Agency) of a spate of attacks targeting cloud environment configurations, supposedly occurring as a result of the increase in remote working.

Once you add to the mix the fact that corporate and personal devices were being used – often simultaneously – to access cloud services, the stage was set for various malicious actors to utilize an array of criminal tactics to access data. Among the usual brute force login attempts and phishing attacks, there was a noted increase in what has become known as ‘pass-the-cookie’ attacks, a relatively new method of cybercrime which it would be a good idea to become familiar with if you aren’t already. While the U.S. federal regulation of cookies goes some distance towards assisting with the mitigation of attacks, we need to stay updated and vigilant beyond that.

What Are Pass-The-Cookie Attacks?

For better or worse, we’ve become used to cookies as an integral part of online life. Though you might be aware that selective cookie deletion can help to find better deals on flights and hotels, due to the way data is stored, when we start looking into the complexities and possibilities for cybercrime that cookies create, it becomes increasingly clear that attacks which rely on cookies can be used to compromise assets, steal data and reach deep into databases to access sensitive information.

In pass-the-cookie attacks, cyber criminals are able to use stolen ‘session’ cookies (also known as transient cookies) in order to authenticate themselves to web services, thus bypassing security measures like MFA because the session has, for all intents and purposes, been authenticated. It isn’t hard to see the logic behind this. After all, such cookies are essentially a measure of convenience, which stops credentials from being passed on and ends the need for regular re-authentication. As such, they tend to remain valid for some time.

Should these cookies fall into the wrong hands, however, they can be imported into a cybercriminal’s browser, allowing them to continue to access a site or app for as long as the cookie is activated. Cookie forging attacks of this kind provide plenty of time to move laterally through a site, gaining access to sensitive data and emails or enabling the criminal to perform actions as the victim’s account.

Despite being a relatively little-known term, pass-the-cookie attacks aren’t exactly a new approach. Indeed, according to information security experts, they’re actually a reasonably standard form of infiltration. Cybercriminals skilled at gaining access to session cookies will continue to use them as part of their arsenal alongside malware such as CookieMiner and similar methods.

How to Counter Pass-The-Cookie Attacks

As is the case with any type of cybercrime, there are no fool-proof methods for avoiding attacks all the time. However, with the use of vulnerability management best practices, common sense and company security protocols which keep the ever-changing landscape of cybercrime in mind, there are ways of mitigating risk and keeping your data safe.

When it comes to pass-the-cookie attacks, there are several ways to increase your data security. However, it’s important to note that – once again – none can guarantee absolute protection, and none are without their own drawbacks. Despite this, any effort to outwit the cybercriminals is often enough to put off opportunists and increase your peace of mind.

Let’s have a look at four of the best ways of increasing your system’s safety.

1.   Make Use of Client Certificates

It’s always a good idea to give users a persistent token which will then be securely stored on their system and which can be used for every subsequent server connection. Most administrators achieve this by making use of client certificates stored in their profile on the system.

This is generally regarded as one of the most secure options for combating pass-the-cookie attacks. However, logistically it presents a number of issues. Most pertinently, it can only be used for applications with a limited number of users – for example, for systems run by business partners who require access to internal online applications or a B2B system. As soon as you consider scaling this option, it isn’t difficult to see where the problems arise. As such, it wouldn’t be suitable for eCommerce sites, where potential audience numbers stretch to global proportions.

2.   Use Dynamic Tokens

Dynamic tokens, which change at regular intervals in order to heighten security, are another potential option. By reducing the window of opportunity for a breach, they limit cybercriminal activities, as there generally isn’t time to leverage the token before it becomes invalid.

It is, of course, important to mention that limiting the opportune time for attack is not the same as mitigating an attack, and today’s cybercriminals tend to be precise, fast-acting and aware of how dynamic tokens affect their operations.
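A sketch of the rotation idea and of the caveat above, added here as an example and not taken from the original article: a server-side store that replaces the token once it is older than a set interval, and treats the return of a rotated-out token as a sign that two parties hold the session. The class name, the 300-second interval and the in-memory dictionaries are assumptions.

```python
import secrets
import time

ROTATE_AFTER = 300  # seconds a token stays valid (assumed value)

class RotatingSessions:
    """In-memory store (hypothetical): one current token per session."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.current = {}   # token -> (session_id, issued_at)
        self.retired = {}   # rotated-out token -> session_id

    def login(self, session_id):
        token = secrets.token_urlsafe(32)
        self.current[token] = (session_id, self.clock())
        return token

    def revoke(self, session_id):
        """Drop every token, live or retired, that belongs to the session."""
        self.current = {t: v for t, v in self.current.items() if v[0] != session_id}
        self.retired = {t: s for t, s in self.retired.items() if s != session_id}

    def check(self, token):
        """Return (status, token_to_set); status is ok, rotated, replay or unknown."""
        if token in self.retired:
            # A rotated-out token came back: two parties hold this session.
            self.revoke(self.retired[token])
            return "replay", None
        if token not in self.current:
            return "unknown", None
        session_id, issued_at = self.current[token]
        if self.clock() - issued_at < ROTATE_AFTER:
            return "ok", token
        del self.current[token]
        self.retired[token] = session_id
        return "rotated", self.login(session_id)

def demo():
    now = [0.0]                             # constructed fake clock
    store = RotatingSessions(clock=lambda: now[0])
    copied = store.login("alice")           # value also held by a second party
    results = [store.check(copied)[0]]      # inside the window it is still accepted
    now[0] = ROTATE_AFTER + 1
    status, fresh = store.check(copied)     # owner's next request triggers rotation
    results.append(status)
    results.append(store.check(copied)[0])  # old value presented again
    results.append(store.check(fresh)[0])   # whole session has been revoked
    return results
```

The first result shows the limitation the paragraph describes: a copied token works until the interval ends. A production version would also expire the retired table and tolerate requests that were already in flight when the token rotated.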

3.   Require Further Identifying Criteria

Another option is to add further context besides the token in order to verify the identity of a request. Many companies, for example, use the source IP address of each request in this way.

Again, there are problems here. Proxies are commonly used by cybercriminals, which shields their identity. Should the cybercriminal attack from within the same public place or organization (for example, in a cafe or company building), then both the attacker and the victim will be using the same IP, thus both being identified as a legitimate user.

4.   Browser Fingerprinting

Making use of browser fingerprinting has garnered no shortage of controversy. In much the same way as cookies do, fingerprinting allows for user tracking but without providing the user any option to refuse. As we know, cookies can be easily disabled or refused, yet fingerprinting removes this element of choice and is as such a less popular option.

Despite this, fingerprinting is still one of the most convenient methods for adding an element of identifying context to any request and ensuring the user is exactly who they claim to be.
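Strategies 3 and 4 both come down to binding the session cookie to the context it was issued in. The following added example (not code from the original article) signs the session id together with a coarse network prefix and a few request headers, then shows which presentations pass. The key, the header set and the /24 and /64 prefix lengths are assumptions; the header set is a simple stand-in for a fuller browser fingerprint.

```python
import hashlib
import hmac
import ipaddress

SERVER_KEY = b"constructed-demo-key"  # assumption: a real key comes from a secret store

def context_digest(ip, headers):
    """Coarse client context: /24 (or /64) network plus a few stable headers."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    parts = [str(network)] + [headers.get(h, "") for h in
                              ("User-Agent", "Accept-Language", "Sec-CH-UA-Platform")]
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

def issue_cookie(session_id, ip, headers):
    """Cookie value = session id + MAC over (session id, context)."""
    msg = f"{session_id}|{context_digest(ip, headers)}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"

def verify_cookie(cookie, ip, headers):
    """True only if the cookie is presented from the context it was issued to."""
    session_id, _, tag = cookie.rpartition(".")
    msg = f"{session_id}|{context_digest(ip, headers)}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.encode(), expected.encode())

def demo():
    # Constructed sample requests; addresses are from documentation ranges.
    owner = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
             "Accept-Language": "en-GB"}
    other = dict(owner, **{"User-Agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"})
    cookie = issue_cookie("sess-1234", "203.0.113.10", owner)
    return {
        "same client": verify_cookie(cookie, "203.0.113.10", owner),
        "other network": verify_cookie(cookie, "198.51.100.7", owner),
        "same network, other browser": verify_cookie(cookie, "203.0.113.10", other),
        "same network, same headers": verify_cookie(cookie, "203.0.113.77", owner),
    }
```

The last case passes, which is the shared-IP weakness described under strategy 3: context checks raise the bar but need to be combined with short token lifetimes and re-authentication for sensitive actions.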

Tackling Pass-the-Cookie Attacks and Increasing Data Security

There’s no doubt about the fact that pass-the-cookie attacks are on the rise or that cybercriminals continue to keep pace with efforts to thwart them. With the right approaches, an insistence on consistent security protocols and lateral (i.e. adversarial) thinking when it comes to safety and data privacy, there are solid solutions to protect data from this type of crime.


About the Author: Bernard Brode (@BernieBrode) is a product researcher at Microscopic Machines and remains eternally curious about where the intersection of AI, cybersecurity, and nanotechnology will eventually take us.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “4 Strategies to Mitigate Pass-the-Cookie Attacks” appeared first on TripWire

Source: TripWire – Tripwire Guest Authors
