Okta says it’s adding greater protections to what hackers are increasingly seeing as a sweet internet hall pass: the session cookie.
The authentication vendor’s post-breach remediation step—to bind session cookies to network location—is one valuable way to potentially stop an attacker from hijacking sessions and fast-passing through security. The add-on demonstrates concern for an increasingly popular break-in tactic that offers instant access.
“The biggest threat that I see facing the industry is session-cookie theft, because it completely invalidates all the security controls that we’re putting in place up front to try to authenticate users to applications,” Jason Rebholz, CISO at Corvus Insurance, told IT Brew. “They’re basically just cutting in line and going straight around all your defenses and getting straight to the ultimate objective of getting access to your organization.”
What happened? According to a Nov. 3 post by Okta, a threat actor hijacked the Okta customer-support portal after gaining access to an HTTP Archive (HAR) file. The log is essentially a flight recording of everything happening in the browser, Rebholz said, including active session cookies that gave the attackers access to the support portal for Okta customers.
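As an added illustration, not code from the article or from Okta, here is a small Python routine a defender can run over a HAR file before handing it to a support desk: it replaces the Cookie, Set-Cookie and Authorization values that would otherwise carry a live session, and reports which requests held them. The sample HAR, its host name and its cookie values are constructed for this example.

```python
import copy

# Header names whose values carry credentials or live session identifiers.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
REDACTED = "[REDACTED]"

# Constructed sample HAR: one request/response pair as a browser would record it.
# The host name and cookie values are made up for this example.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://support.example.test/cases",
        "headers": [{"name": "Host", "value": "support.example.test"},
                    {"name": "Cookie", "value": "sid=abc123"}],
        "cookies": [{"name": "sid", "value": "abc123"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Content-Type", "value": "text/html"},
                    {"name": "Set-Cookie", "value": "sid=def456; HttpOnly; Secure"}],
        "cookies": [{"name": "sid", "value": "def456"}],
    },
}]}}


def redact_har(har):
    """Return (redacted deep copy, list of (url, side, field) that were redacted).

    The original dict is left untouched so the caller can diff before sharing.
    """
    out = copy.deepcopy(har)
    hits = []
    for entry in out.get("log", {}).get("entries", []):
        url = entry.get("request", {}).get("url", "")
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for hdr in msg.get("headers", []):
                if hdr.get("name", "").lower() in SENSITIVE_HEADERS:
                    hdr["value"] = REDACTED
                    hits.append((url, side, "header:" + hdr["name"]))
            # HAR also stores parsed cookies alongside the raw headers; scrub both.
            for ck in msg.get("cookies", []):
                if "value" in ck:
                    ck["value"] = REDACTED
                    hits.append((url, side, "cookie:" + ck.get("name", "")))
    return out, hits
```

Query-string or body tokens are not covered here; extend SENSITIVE_HEADERS and add a pass over `request["queryString"]` if an application carries sessions that way.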