Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
Sep 30, 2024
Identity Theft / Phishing Attack
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this , as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn't a new technique – so what's changed? Session hijacking has a new look When we think of the classic example of session hijacking, we think of old-school Man-in-the-Middle (MitM) attacks that involved snooping on unsecured local network traffic to capture credentials or, more commonly, financial details like credit card data. Or, by conducting client-side attacks compromising a webpage, running malicious JavaScript and using cross-site scripting (XSS) to steal the victim's session ID. Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based attack perfo