Partner Article
Yahoo breach raises concerns about endpoint security
It has been revealed that Yahoo has fallen victim to another cyber-attack – this time hackers have forged cookies to gain access to customer accounts. Yahoo has yet to confirm how many accounts have been affected by this latest attack, but the company’s forensic experts are investigating the attack, which tricks the browser into allowing an intruder access to users’ accounts without a password. This forged cookie may have been used in the 2015 and/or 2016 attacks. Yahoo has now invalidated the forged cookies so they cannot be used again.
“Yahoo just can’t catch a break at the moment – following the two mega-breaches revealed last year, the company has been targeted yet again by hackers,” said Richard Henderson, global security strategist at Absolute. “Cookie hijacking is fairly sophisticated and involves hackers tricking the web browser into notifying Yahoo that the user has already logged in. The obvious question is why, if these attacks occurred in 2015 and 2016, were they only flagged at the end of 2016? It looks like the initial disclosure by Yahoo in December was massively overshadowed by the larger breaches announced prior, but now users are being notified it’s a totally different story.”
Henderson continued: “This breach will certainly raise awareness of this type of attack. Well-known vectors, such as the insider threat, APTs and DDoS attacks, are already on our radar – but cookie hijacking is relatively unfamiliar. In truth, it can be quite a bit more frightening than the others. Once the hacker has created the forged cookie and logged in, they can essentially roam around online accounts without raising any immediate red flags.
“For businesses, identifying this type of attack is a real challenge – particularly as BYOD continues to dominate business communications. In today’s always-connected world, users will often enter their credentials and ask to remain logged in so that they can easily and quickly access online accounts irrespective of device. As businesses struggle to oversee and manage the growing number of endpoints they have, this type of attack could easily slip through the net. It’s therefore more important than ever that organisations have full, persistent insight into every endpoint and the data it holds – even if the device isn’t connected to the corporate network or falls into the wrong hands,” concluded Henderson.
This was posted in Bdaily's Members' News section by Absolute.