Credential Stuffing Surge Targets Businesses and Individuals.
The recent surge in credential stuffing attacks highlighted by Okta serves as a stark reminder of the importance of robust cyber security practices. These attacks…
Google Takes Aim at Cookie Theft: New Security Feature Protects Users
Cyber security experts have long warned about the dangers of cookie theft, a tactic used by hackers to bypass online security measures. Now, Google is taking decisive action with a new Chrome browser feature called Device Bound Session Credentials (DBSC). This technology aims to render stolen cookies useless, significantly reducing the success of cyber attacks.
Understanding Cookie Theft
Cookies are small text files that websites store on your device to remember your preferences, login information, and other details. While cookies are essential for a smooth online experience, they can also be exploited by cybercriminals.
Malware designed to steal cookies can infiltrate your device and swipe these valuable data snippets. Hackers then use the stolen cookies to impersonate you on websites, even if you have multi-factor authentication (MFA) enabled. This allows them to access your sensitive information, potentially leading to financial loss, identity theft, or reputational damage.
How Device Bound Session Credentials (DBSC) Works
DBSC tackles this threat by cryptographically linking your online sessions to your specific device. Here’s a simplified explanation:
- Secure Key Generation: When you start a new online session (e.g., logging into your email), Chrome generates a pair of keys – one public, one private.
- Safe Storage: The private key is securely stored on your device, often using hardware like Trusted Platform Modules (TPMs) that are highly resistant to tampering.
- Sharing Only the Public Key: The public key is sent to the website for verification purposes.
With this setup, the website can continually verify that requests are coming from the device that originally started the session. If a hacker steals your cookie, they won’t have the corresponding private key, making the cookie worthless on any other machine.
Prevention and Protection
While DBSC offers a robust layer of defence, staying vigilant against cyber threats remains crucial. Here’s how to protect yourself:
- Keep Software Updated: Ensure that your operating system, web browser, and antivirus software always have the latest security patches installed.
- Be Cautious with Downloads: Avoid downloading files or programs from untrusted sources.
- Use Strong Passwords: Create unique, complex passwords for each online account. Consider using a password manager to help.
- Enable Multi-Factor Authentication (MFA): Wherever possible, use MFA to add an extra layer of security to your online accounts.
The Future of Online Security
Google’s initiative with DBSC is a significant step forward in the fight against cookie theft. As the feature becomes widely adopted, users can expect a safer online environment. However, it’s essential to remember that cybersecurity is an ongoing battle. Staying informed and practicing safe online habits will always be your best defence against evolving threats.
More reading at:
Related articles
Cisco Firewall Vulnerabilities: Urgent Action Needed to Protect Against State-Sponsored Espionage
Businesses and organisations relying on Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) firewalls are being advised to take immediate action to protect…
Cybercriminals Threaten Release of Sensitive World-Check Database
A recent cyber attack has resulted in a serious data breach affecting the World-Check database, a critical tool used by financial institutions and other organisations…