Pass the cookie attack – but you still need to use MFA and have these extra steps in place

We cannot emphasise how important multi-factor authentication is to your cyber security – however, of course, the threat actors do have ways around it:

Cookie stealing: the new perimeter bypass – Sophos News

The threat is malware getting into your system and stealing session cookies that are associated with the MFA authentication and then the threat actor reusing those tokens.

Your best defence is the best staff training to keep the malware out of your systems in the first place and business standard anti-virus and advance threat protection software.

Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two factor authentication (2FA). All have the same function to securely provide a one time password (OTP), only to the authorised user, so they can get access to a service. Examples of services that implement MFA for added security are; Microsoft 365, Google, WordPress and Amazon among many, many others.

A Quick overview of MFA:

Multifactor Authentication | MFA | Microsoft Security

Please Note:

I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.