How do cybercriminals operate by stealing cookies?

More than 10,000 organizations around the world were targeted last year by a massive phishing campaign. It is based on stealing session cookies and is able to bypass two-step authentication to gain access to legitimate email accounts, from which a Business Email Compromise (BEC) attack can be launched.

Microsoft warned of an extensive phishing campaign that used fraudulent adversary-in-the-middle (AiTM) sites to steal users’ session cookies. A session cookie is a cookie that a website issues after a successful login to record that the user is authenticated, keeping the session active.

To steal the session cookie, no vulnerability as such was exploited. Instead, the attackers set up a web server between the user and the legitimate page to intercept the login process, through which they obtained both the credentials and the cookie.


With this cookie, the attackers can replay the user’s login, impersonating him. This unauthorized access to the account occurs even if the victim has activated a two-factor authentication system, the company explained in a statement.

Through this procedure, the attackers gained access to the affected users’ email accounts: legitimate mailboxes from which they spread a massive business email compromise campaign to reach new victims.

Specifically, and as detailed by the company, Microsoft 365 Defender detected the AiTM phishing campaign’s attempts to target the Office 365 users of more than 10,000 organizations since September of last year.

In the BEC campaign, fraudulent emails sent from legitimate addresses carried an attachment that claimed to be an audio message, even though it was not an mp3 file but an HTML file. Once downloaded, the victim was redirected to a fake page requesting Azure AD authentication, which allowed the attackers to intercept the credentials and operate from within the organization.


The ultimate goal of this campaign is financial fraud, i.e. deceiving victims into making money transfers by impersonating the organization.


To go unnoticed, the attackers deleted the fraudulent emails they had sent from the legitimate accounts and, while awaiting responses to those emails, removed them as quickly as possible to avoid raising suspicion.

Despite the fact that this AiTM phishing campaign circumvents the additional layer of security provided by two-factor authentication, Microsoft insists that it is still a “very effective mechanism for stopping a variety of threats,” although it recommends complementing it with advanced anti-phishing solutions, conditional access policies and monitoring of logins for suspicious activity.
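The login monitoring recommended above can be built around the mechanism the article describes: a session cookie that completed MFA from one address later being replayed from another. The following is an added example, not Microsoft's code or anything from the article; it assumes a simplified sign-in log (constructed sample events with a session id, source IP and an MFA flag) and flags any session reused from a different IP within a short window of the MFA login.

```python
from datetime import datetime

# Constructed sample sign-in events (hypothetical, not from the article).
# Each record notes which session token was presented, from which IP, and
# whether the request completed an interactive MFA login or merely reused
# an existing session. Session "S1" is replayed from a second IP minutes
# after MFA, the pattern left behind by an AiTM cookie theft.
EVENTS = [
    {"ts": "2022-07-12T09:00:00", "user": "alice@example.com", "session": "S1", "ip": "203.0.113.10", "mfa": True},
    {"ts": "2022-07-12T09:02:00", "user": "alice@example.com", "session": "S1", "ip": "203.0.113.10", "mfa": False},
    {"ts": "2022-07-12T09:05:00", "user": "alice@example.com", "session": "S1", "ip": "198.51.100.7", "mfa": False},
    {"ts": "2022-07-12T10:00:00", "user": "bob@example.com",   "session": "S2", "ip": "192.0.2.44",   "mfa": True},
    {"ts": "2022-07-12T10:30:00", "user": "bob@example.com",   "session": "S2", "ip": "192.0.2.44",   "mfa": False},
]


def find_replayed_sessions(events, window_minutes=60):
    """Return one alert per session token that is presented from an IP other
    than the one that completed MFA, within window_minutes of that MFA event.

    Sessions whose MFA event is not in the log are skipped rather than
    alerted on, so a partial log does not produce false positives.
    """
    bound = {}   # session id -> (user, ip that completed MFA, MFA timestamp)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["mfa"]:
            # (Re)bind the session to the address that passed MFA.
            bound[ev["session"]] = (ev["user"], ev["ip"], ts)
            continue
        if ev["session"] not in bound:
            continue
        user, mfa_ip, mfa_ts = bound[ev["session"]]
        minutes = (ts - mfa_ts).total_seconds() / 60
        if ev["ip"] != mfa_ip and minutes <= window_minutes:
            alerts.append({
                "user": user,
                "session": ev["session"],
                "mfa_ip": mfa_ip,
                "replay_ip": ev["ip"],
                "minutes_after_mfa": minutes,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print("possible session replay:", alert)
```

In a real tenant the same comparison would use the identity provider's sign-in logs and could also key on user agent or ASN, since an AiTM proxy's address differs from the attacker's replay address only some of the time.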
