What is Browser Session Token Hijacking?

Browser Session Token Hijacking: A Rising Threat to Businesses

Browser Session Token Hijacking is a grave cyber security threat that isn’t new, however, many overlook this profoundly serious threat, one which poses potential risks to not just individuals but entire businesses. This is something that Linus Media Group, a renowned technology YouTube channel (Including Linus Tech Tips, Techquickie, TechLinked, ShortCircuit and others), experienced earlier this year and illustrates the threat which this poses.

What is Browser Session Token Hijacking?

Browser Session Token Hijacking involves the unlawful theft or manipulation of tokens that authenticate user sessions within a web browser. Once these tokens are stolen, attackers can clone the user's browser session, thereby circumventing password controls and even two-factor authentication (2FA) for online accounts. This can include active sessions such as accessing email accounts, online shopping, social media and even your online banking portal. 

An example of this, Linus Media Group, despite employing robust passwords and multi-factor authentication, their YouTube account was compromised through this very attack method. A user downloaded a PDF, believed to be from a brand sponsor, which infected the user's machine. The attacker then managed to steal the signed in user session which included access to a number of their YouTube channels, hide their videos, hijack, rename multiple channels and use those channels to stream fraudulent content. This occurrence exposed shortcomings in YouTube's permissions, session, and user management, demonstrating that even well-secured businesses are not immune to this type of attack. Thankfully in the case of Linus Media Group they were able act quickly, took the affected user off the network (and destroyed the SSD (Solid State Drive) and managed to work with YouTube to resolve the issue. Due to the users' access levels not having access to all accounts (or other areas of their business), attackers were also not able to access their website, online store, forum, validation labs servers or their own independent video hosting platform.

Why is Browser Session Token Hijacking a Danger to Businesses?
Whilst in the case of Linus Media Group they were able to get this issue resolved, however the potential ramifications for other businesses could be severe. In today's era of online collaboration and cloud computing, where employees access company resources via web browsers and banking transactions occur online, a hijacked session token could grant attackers unrestricted access to confidential data, financial records, bank accounts, email services, cloud storage, social media platforms, proprietary assets and much more. 

How can your Business stay protected from Browser Session Token Hijacking?
The key to averting this risk starts with a comprehensive cyber security solution. In a March 24th episode of their Podcast “The WAN Show”, host Luke Lafreniere stated that the attack occurred as the Malware Signature was not picked up by their Anti-Virus before the damage had already been done, their cyber security solution did generate an alert, however, no automated actions took place in the middle of the night, & when the compromised device was identified, they did not have the staff available to remediate the issue immediately. If they had had a 24/7 Security Operations Centre (SOC) available to them, the SOC would have been able to identify the security breach as it was happening and take measures to prevent it whilst also working with their in-house technical team.

Businesses must recognise that Browser Session Token Hijacking is not merely a hypothetical hazard; it is a concrete threat with real-life implications. To defend against this hidden danger, businesses can mitigate the risks of attack through a number of solutions: 

• Use Customisable Permissions: Only grant specific access rights based on the user's role, limiting the potential damage from compromised accounts.
• Introduce a Clear All Sessions Solution: Some online services will allow administrators to clear all active signed in sessions, meaning that they can immediately log all users out of their accounts and require password and 2FA access back into their accounts. Web Browsers such as Google Chrome, Microsoft Edge and others are also able to clear all sessions on close, meaning that you would be required to sign back into all services each time you close and re-open a browser.
• Regular Cyber Security Audits and Training: Conducting regular Cyber Security checks and educating employees on the risks of phishing attacks and other cyber security threats will build a robust defence line against these types of attack. For advice on how to spot and prevent phishing, read our article about this.
• Implement a Comprehensive Cyber Security Solution: At TwentyFour we can work with businesses to assess their current Cyber Defence Level, work to understand their business, who has access to what, and who requires access. Implementing a comprehensive cyber security solution, including active monitoring through a security operations centre, can help to protect your business from a wide range of threats, including browser session token hijacking.

The breach of security at Linus Media Group is a very public wake-up call for businesses worldwide. In a world where cyber security threats against businesses grow and evolve every day, understanding and guarding against attacks like Browser Session Token Hijacking must be a top priority.  

By embracing the practices mentioned above and fostering a culture of constant vigilance and learning, businesses can create a formidable barrier against this and other cyber threats.