How the Cookie Crumbles: Using OSINT to Investigate Dark Web Cookie Sales |
Abstract
On the 1 March 2023, the Office of the Australian Information Commissioner (OAIC) released its annual Notifiable Data Breaches Report, which suggested compromised credentials - whether by phishing or brute-force attacks - made up most cyber incidents leading to data breaches in Australia. A common response to this trend has been to implement multi-factor authentication (MFA) as a measure to secure internet-facing services and reduce credential-based attacks. However, malicious cyber actors have been stealing “cookies” associated with credentials to hijack active authentications. This tactic essentially bypasses MFA controls by using cookie theft (also called session hijacking). Using OSINT tools and techniques we can compile threat intelligence on the tactics, tools, and procedures used by malicious cyber actors to bypass MFA. In our presentation we will identify and track the commercialisation of cookie theft, with a focus on dark web related content and activity. We will provide a threat intelligence briefing on key findings to inform government and business cyber security. Speaker Bio: Emerald is Head of OSINT Combine's Intelligence Services. Prior to joining the team nearly two years ago she spent over a decade working within the Australian Federal Government's security and intelligence community. Emerald has worked across a range of national security programs including counter terrorism, counterintelligence, cyber security, and insider threats. Emerald has applied a diverse array of operational counter measures to these threat programs, including OSINT. |