Browser Session Token Hijacking is a grave cyber security threat that isn’t new, yet many overlook it, even though it poses potential risks to not just individuals but entire businesses. Linus Media Group, a renowned technology YouTube channel (including Linus Tech Tips, Techquickie, TechLinked, ShortCircuit and others), experienced this earlier this year, and their case illustrates the threat it poses.
Browser Session Token Hijacking involves the unlawful theft or manipulation of tokens that authenticate user sessions within a web browser. Once these tokens are stolen, attackers can clone the user's browser session, thereby circumventing password controls and even two-factor authentication (2FA) for online accounts. This can include active sessions for email accounts, online shopping, social media and even your online banking portal.
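The defensive side of the session cloning described above, as an added example that is not part of the original article: a server-side check that binds each session token to the network and browser first seen with it, then asks for re-authentication or revokes the token when it arrives from a different context. The token ids, addresses, user agents and the /24 bucketing are constructed assumptions.

```python
import ipaddress

CHROME = "Mozilla/5.0 (Windows NT 10.0) Chrome/111"
SAFARI = "Mozilla/5.0 (Macintosh) Safari/16"
FIREFOX = "Mozilla/5.0 (X11; Linux) Firefox/110"

# Constructed sample requests (not real logs): (time, token id, source IP, user agent)
SAMPLE_REQUESTS = [
    (1000, "s1", "203.0.113.10", CHROME),   # first use after login: context is bound
    (1060, "s1", "203.0.113.44", CHROME),   # same /24, same browser
    (1100, "s2", "198.51.100.7", SAFARI),   # a second user's session
    (1120, "s1", "192.0.2.55", FIREFOX),    # same token from a different browser
    (1130, "s1", "203.0.113.10", CHROME),   # original browser, after revocation
    (1200, "s2", "192.0.2.99", SAFARI),     # same browser, new network
]

def network_of(ip, prefix=24):
    """Coarse network bucket so address churn inside one network is tolerated."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

class SessionMonitor:
    def __init__(self):
        self.bound = {}       # token id -> (network, user agent) seen at first use
        self.revoked = set()  # tokens that must never be accepted again

    def check(self, token, ip, user_agent):
        """Return 'allow', 'step_up' (re-authenticate) or 'deny'."""
        if token in self.revoked:
            return "deny"
        context = (network_of(ip), user_agent)
        if token not in self.bound:
            self.bound[token] = context  # assumed to be the request right after login
            return "allow"
        if context == self.bound[token]:
            return "allow"
        if user_agent == self.bound[token][1]:
            return "step_up"  # same browser on a new network: plausible roaming
        # A different browser presenting the same token: treat as a cloned session.
        self.revoked.add(token)
        return "deny"

def replay(requests):
    monitor = SessionMonitor()
    return [(t, tok, monitor.check(tok, ip, ua)) for t, tok, ip, ua in requests]

if __name__ == "__main__":
    for row in replay(SAMPLE_REQUESTS):
        print(row)
```

The User-Agent header is client-supplied, so a match is weak evidence and only a mismatch is a strong signal; revocation here also signs out the legitimate browser, which then has to log in again.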
As an example, despite Linus Media Group employing robust passwords and multi-factor authentication, their YouTube account was compromised through this very attack method. A user downloaded a PDF, believed to be from a brand sponsor, which infected the user's machine. The attacker then managed to steal the signed-in user session, which included access to a number of their YouTube channels, hide their videos, hijack and rename multiple channels, and use those channels to stream fraudulent content. This occurrence exposed shortcomings in YouTube's permissions, session, and user management, demonstrating that even well-secured businesses are not immune to this type of attack. Thankfully, Linus Media Group were able to act quickly: they took the affected user off the network (and destroyed the SSD (Solid State Drive)) and managed to work with YouTube to resolve the issue. Because the user's access level did not extend to all accounts (or other areas of their business), attackers were also not able to access their website, online store, forum, validation labs servers or their own independent video hosting platform.
Whilst Linus Media Group were able to get this issue resolved, the potential ramifications for other businesses could be severe. In today's era of online collaboration and cloud computing, where employees access company resources via web browsers and banking transactions occur online, a hijacked session token could grant attackers unrestricted access to confidential data, financial records, bank accounts, email services, cloud storage, social media platforms, proprietary assets and much more.
The key to averting this risk starts with a comprehensive cyber security solution. In a March 24th episode of their podcast “The WAN Show”, host Luke Lafreniere stated that the attack occurred because the malware signature was not picked up by their anti-virus before the damage had already been done. Their cyber security solution did generate an alert; however, no automated actions took place in the middle of the night, and when the compromised device was identified, they did not have the staff available to remediate the issue immediately. If they had had a 24/7 Security Operations Centre (SOC) available to them, the SOC would have been able to identify the security breach as it was happening and take measures to prevent it whilst also working with their in-house technical team.
Businesses must recognise that Browser Session Token Hijacking is not merely a hypothetical hazard; it is a concrete threat with real-life implications. To defend against this hidden danger, businesses can mitigate the risks of attack through a number of solutions:
The breach of security at Linus Media Group is a very public wake-up call for businesses worldwide. In a world where cyber security threats against businesses grow and evolve every day, understanding and guarding against attacks like Browser Session Token Hijacking must be a top priority.
By embracing the practices mentioned above and fostering a culture of constant vigilance and learning, businesses can create a formidable barrier against this and other cyber threats.