Why multifactor authentication and complex passwords are not enough
What is Session hijacking?
Session hijacking is an attack in which the attacker goes after the session tokens that your web browser stores locally. After you log in (password, MFA and all), the server issues a token that identifies your authenticated session; the browser keeps it in its cookie store, which in Chrome and Chromium is an SQLite database. For every later request to the same domain the browser looks the token up and attaches it, so the site lets you in without prompting for a login again. The token is not your password, but to the server it is as good as one: whoever presents it is treated as you. That ease of use is exactly what an attacker exploits by copying the token to another system, which circumvents MFA and every other control that was applied at login.
This is normally done through phishing or malware: the attacker sends an email posing as someone in your company, or plays on fear or the promise of a reward, to get you to open a link or attachment. Once run, the malware reads the browser's cookie store and sends the tokens to the attacker. Such emails are called phishing when they are sent broadly and spear phishing when they are aimed at you or your organization specifically.
A recent incident of this kind was the takeover of the Linus Tech Tips YouTube channels (see the references). It is an ongoing problem for the platform, where creators are compromised almost daily in this way. Every clever security control is circumvented when someone emails you posing as a sponsor, or as a supplier sending a quote, to get you to open an attachment.
What we can do
eBuilder security recommends three improvements:
- A Zero Trust Architecture limits the damage an attacker can do with a hijacked session. If an attacker gains access, they get only what that user was allowed to do, so start by reviewing who is allowed to read, write and delete, and who has access to which applications at all.
- Cybersecurity threats are constantly evolving, so it is essential to stay informed about the latest attack techniques and how to prevent them. This matters not only for admins and security professionals but even more for users, because they are the attack vector threat actors aim for. Today a well-managed security awareness program is a must. It helps you identify high-risk users and contain them, or at the very least educate your employees about existing and new threats. It should be a continuous process, so that newly discovered threats such as QRLJacking or, in this case, session hijacking are added and explained in a way that is simple and easy for every employee.
- Enforce policies on your suppliers: sessions must time out, privileged operations must require elevation (as with Windows access rights), and sensitive actions such as delete or update must require re-authentication. A stolen token is then useful only for a limited time and cannot be used for the actions that do the most damage.
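The following is an added example, not code from the article or from eBuilder security. It models the mechanism described in the section on session hijacking (an opaque token in the browser's cookie store that the server accepts from anyone who presents it, MFA or not) together with the supplier-side controls recommended in the last point above: an idle timeout, an absolute session lifetime, and re-authentication for delete and update. The application name, the timeouts, the user "alice" and the action names are all assumptions chosen for the demonstration.

```python
"""Added example: bearer session tokens and the timeouts/re-authentication
controls that limit what a stolen token is worth. Not from the original article;
all names, timings and sample users are assumptions for illustration."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60        # assumed policy: 15 min without a request ends the session
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed policy: no session lives longer than 8 hours
REAUTH_WINDOW = 5 * 60        # assumed policy: delete/update need a login in the last 5 min
SENSITIVE_ACTIONS = {"delete", "update"}


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    last_auth: float


class SessionStore:
    """Server side. The token is an opaque random ID that maps to a session;
    the password and MFA result never leave the server and are checked only at login."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, password_ok: bool, mfa_ok: bool) -> Optional[str]:
        # Password and MFA are verified once, here. Everything afterwards is token-based,
        # which is why a copied token bypasses both.
        if not (password_ok and mfa_ok):
            return None
        t = self.now()
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, t, t, t)
        return token

    def reauthenticate(self, token: str, password_ok: bool, mfa_ok: bool) -> bool:
        # Step-up for sensitive actions: needs the real credentials again, not just the token.
        s = self._lookup(token)
        if s is None or not (password_ok and mfa_ok):
            return False
        s.last_auth = self.now()
        return True

    def _lookup(self, token: str) -> Optional[Session]:
        s = self._sessions.get(token)
        if s is None:
            return None
        t = self.now()
        if t - s.created > ABSOLUTE_TIMEOUT or t - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[token]   # expired: both victim and thief are logged out
            return None
        s.last_seen = t
        return s

    def request(self, token: str, action: str) -> str:
        s = self._lookup(token)
        if s is None:
            return "401 login required"
        if action in SENSITIVE_ACTIONS and self.now() - s.last_auth > REAUTH_WINDOW:
            return "403 reauthentication required"
        return f"200 {action} as {s.user}"


class CookieJar:
    """Client side: what the browser's cookie database does, keyed by domain."""

    def __init__(self):
        self._by_domain: Dict[str, str] = {}

    def store(self, domain: str, token: str) -> None:
        self._by_domain[domain] = token

    def token_for(self, domain: str) -> Optional[str]:
        return self._by_domain.get(domain)      # looked up and attached on every request

    def dump(self) -> Dict[str, str]:
        return dict(self._by_domain)            # what infostealer malware copies out


def demo() -> Dict[str, object]:
    """Walk through a login, a token theft and the point at which each control bites."""
    clock = [1_000_000.0]                       # constructed fake clock so timeouts are testable
    store = SessionStore(now=lambda: clock[0])
    victim, attacker = CookieJar(), CookieJar()
    results: Dict[str, object] = {}

    token = store.login("alice", password_ok=True, mfa_ok=True)
    victim.store("app.example", token)
    results["victim_read"] = store.request(victim.token_for("app.example"), "read")

    # Malware copies the cookie store to the attacker's machine; the server cannot tell.
    attacker.store("app.example", victim.dump()["app.example"])
    results["stolen_read"] = store.request(attacker.token_for("app.example"), "read")
    results["stolen_delete_fresh"] = store.request(attacker.token_for("app.example"), "delete")

    clock[0] += REAUTH_WINDOW + 1               # a few minutes later: step-up required
    results["stolen_delete"] = store.request(attacker.token_for("app.example"), "delete")
    results["stolen_reauth"] = store.reauthenticate(attacker.token_for("app.example"), False, False)

    clock[0] += IDLE_TIMEOUT + 1                # idle timeout ends the stolen session
    results["stolen_after_idle"] = store.request(attacker.token_for("app.example"), "read")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The walk-through makes the article's point concrete: the stolen token reads and even deletes as "alice" right after the theft, with no password or MFA involved. The re-authentication window stops further deletes, the attacker cannot pass step-up without the real credentials, and the idle timeout eventually invalidates the token for everyone. Without those supplier-side policies, the stolen session would stay valid indefinitely.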
References:
- https://owasp.org/www-community/attacks/Session_hijacking_attack
- https://www.neowin.net/news/linus-tech-tips-youtube-channels-were-hacked-due-to-a-session-hijacking-attack/
- https://cyolo.io/blog/mitre-attck/lateral-movement-what-it-is-how-zero-trust-protects-you-from-it/
- https://www.cisecurity.org/controls/security-awareness-and-skills-training
- https://owasp.org/www-community/attacks/Qrljacking