According to a report shared by CloudSEKa company that operates in the field of IT securityone of the most frequent cyber threats of recent months starts from Cookie or rather from a vulnerability found inside them.
According to initial statements, digital attackers are using these files to illegally access data and personal information from Google accountsnot only exposing it to a serious risk people’s privacy but also all of theirs connected devices to the Big G ecosystem.
The discovery, in reality, dates back until October 2023 when on a group Telegram, a hacker has released the first information about this flaw in the system. Today, several months later, the threat becomes scary again, highlighting how this “small hole” in Big G’s security could become a global threat.
-
1. What are Cookies and what are they for?
The term Cookie can be translated from English literally as “biscuit” and are nothing but gods very small text files which are used by the servers of different websites to obtain specific information on activities that users perform on these pages.
When a person uses their device to visit the site, a Cookie is sent to them which is “renewed” at each new visit in order to make everything that happens traceable during your stay on these pages, even after a long time.
Just think that every time someone visits a site they remain in the browser e inside the PC many traces of his passage. This is not, however, a “violation of privacy” because, actually, it is the user himself who, when he connects to a specific URL, requests from the server all the information about what he is going to visit.
Exist different types of CookiesThere are session ones (which are temporary) and they are deleted after each session and then there are those permanentwhich end up inside the memory e remain archived until you proceed with deleting the relevant folder.
Naturally, the most common are session ones, which are used to guarantee pages and users one better time on the webespecially for “step procedures”, all those pages that require different procedures to carry out the actions within them, such as loginfor example, or the filling the cart of an e-commerce.
Then there are the cookies defined as “non-essential”, which are used for profile usersstudy their behaviors and improve the services offered by the networkor define people’s preferences to send them targeted advertisements based on their personal tastes.
There would be much more to say about Cookies but, in terms of IT security, it is enough to know what has just been said: they are very small text files that keep track of the activities carried out by users on the web.
-
2. How Cookie Attacks Work
Naturally Google also uses i Cookie and, specifically, session ones which are exploited by the site to keep users connected to their account and access the ecosystem of services offered by Big G.
This is where the above vulnerability comes into play, with hackers being able to do so bypass any security protocolsincluding two-factor authentication and without even needing to know your password.
According to the statements of the companies that deal with cyber security, a preliminary analysis of these breaches shows a very sophisticated systemimplemented by someone who has in-depth knowledge of the sector and, specifically, of the system for authentication to Google services.
Besides, it also seems that not even changing your password can serve to keep one’s account safe, with users actually not even realizing they have been hacked, at least not until the digital attackers decide to let them know via anomalies during navigation, theft of data and information personal, money theft and naturally, blackmail to get your privacy back.
The company should already have taken matters into its own hands and, indeed, should already be working on some fix patch (even if a release date is not yet available), however this does not mean that the vulnerability is rather complex to fix and decidedly elaborate.
Despite these declarations and the first “maneuvers” to stem the phenomenon, the threat is still tangible and could potentially affect millions of users around the world.
-
3. How to protect yourself from this threat
Protect yourself from such threats it is extremely complicated, also because for a good part of their life these malware they remain practically invisible and, until Google limits the problem, understanding that you have been infected is practically impossible.
Meanwhile, the Mountain View giant invites users to enable the mode Advanced safe browsing are Chromea first line of defense that could keep users safe, at least while waiting for a definitive solution to be found.
If you suspect that you have been “infected”, the best advice is to log out immediately from all accesses made with the browser and await further information from Big G.
As mentioned, change password it may not be enough to eradicate the infection and stay safe, however it is always a recommendable procedure which represents at least a system for slow down hackers and make his attack a little more complicated.
To know more: Computer security: guide to safe browsing on the web