Web browser cookies are one of the most common, and effective, ways to track user activity on a website. As a result, protecting them is a key element of preventing attackers from extracting sensitive information.
Specifically, sites that embed third-party scripts (analytics services, social media widgets, etc.) are at greater risk of having those services attempt to steal their user’s cookie and use it for nefarious purposes.
While traditional network and endpoint protections still have their place in most organisations, the importance of monitoring user activity has also increased. Read on to discover how you can defend your business and customers against cookie stealing.
Cookies are small bits of text data stored by your web browser on your computer. Every time you visit a website, the site's server may send a cookie to your browser. Each cookie contains a unique ID that identifies the server that sent it and the date and time it was sent. Many websites use cookies for purposes such as keeping you logged in so you don't have to enter your credentials again when you return, tracking the pages you've visited, and remembering which ads you've seen.
Cookies can also be used to collect other information about your browsing activity and behaviour data, including how long you spend on a particular page, what links you click on, and whether you hide content or show ads.
Cookie stealing is the act of intercepting and stealing cookies that are sent to a website visitor’s computer. Attackers know that if they can find a way to keep themselves in the visitor’s browser, they can essentially hijack the user’s session and take over their account. This allows attackers to impersonate legitimate users and gain access to sensitive data.
Cookie targeting has become a popular method of attack; last year, game developer Electronic Arts was extorted by an cybercriminals who stole 780GB of data after purchasing a stolen session cookie, which allowed them to spoof an existing employee login.
Let’s say we have a website that uses analytics services. The code is hosted on a website which has been compromised by attackers. Once the attackers have the ability to read the content of the user’s cookies, they will attempt to steal the victim’s credentials from the analytics services.
The attacker can also try to modify the user’s cookies by adding their own cookie. This will allow them to read the cookies and see which ones contain credentials for the analytics services. They will then replace those cookies with their own cookie, which will allow them to continue reading the analytics cookies over the coming days and weeks. The end result is that they will have the ability to log into the analytics services as though they were the website owner.
A crafted cookie attack is a type of web application attack where an attacker crafts a cookie to be sent to the target, usually in order to obtain sensitive information. Once the target visits the attacker's website, they will receive, and then interpret, the cookie in their browser. The attacker can then use this information to gain access to the target's account and/or steal their private data.
Targeted exploitation is when cybercriminals use their position in the network and implement exploitation tools to enhance their access. Sophos discovered an extended intrusion of this active attack in June 2022, in which cookie stealing was part of ongoing attacks specifically targeting cookies in Microsoft Edge browsers.
The best way for websites to protect themselves from cookie theft is to take steps to prevent their cookies from being read by attackers. This includes:
One of the simplest and most effective ways to reduce the risk of cookie stealing is to regularly clear cookies. This is because your browser keeps a record of all the sites you visit, along with the information that you enter. Clearing cookies every time you log in to a new device or website will make it more difficult for cybercriminals to use this information to access your personal information.
Web browser cookies are one of the best ways to track user activity on a website. As a result, protecting them is a key element of preventing attackers from extracting sensitive information.
Sophos uses behavioural rules to help prevent cookie abuse, and also detects information-stealing malware with certain memory and behaviour detections. The cyber security specialists at Essential Tech can implement Sophos into your business and fully manage the environment for maximum effectiveness.