Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
According to the FBI, there are cookie monsters on the loose. And they aren’t anything like the beloved blue muppet.
Last month, the FBI Atlanta Division warned that cybercriminals are becoming “increasingly focused” on stealing Remember-Me cookies to access their victim’s emails.
Remember-Me cookies refer to cookies that are associated with a user’s login information. The FBI claims that these cookies—which are typically generated when a person chooses “Remember this device” during the login process for a website—last for about 30 days before expiring and allow a user to bypass entering their login credentials and multi-factor authentication.
According to the federal agency, cybercriminals obtain Remember-Me cookies when their victims click on phishing links that download malicious software on their devices and visit shifty websites.
If you give a cybercriminal a cookie. Earlier this year, a NordVPN report revealed that over 54 billion (54,008,833,188) cookies have been leaked on the dark web markets. The virtual private network service was able to detect that bad actors had access to a variety of sensitive information when tapping the stolen cookies including a person’s password, address, and sexual orientation.
Attackers are becoming more strategic in their execution of phishing attacks that are used to steal information such as cookies, with some leveraging URL protection services to disguise malicious links and others relying on GenAI to craft seemingly convincing scam emails.
The FBI recommends that users remain protected by regularly clearing their cookies, avoiding suspicious links, and monitoring their recent device login history.