SpyCloud Launches Solution to Prevent ATO Fraud Caused by Session Hijacking
Session Hijacking (or Cookie Hijacking) 101
STEP ONE
Trick user into clicking on a dangerous link or downloading a malicious attachment to infect their device with malware.
STEP TWO
The malware siphons all manner of data from the infected device, including credentials, autofill info, and web session cookies.
STEP THREE
Use a stolen session cookie to authenticate as the user – without the need for a username and password – bypassing fraud controls including MFA.
SpyCloud Session Identity Protection
SpyCloud Session Identity Protection helps enterprises identify vulnerable users early by providing visibility of their malware-stolen session and device cookies so they can invalidate compromised browser sessions that allow bad actors to bypass MFA.
“There are virtually no indicators that differentiate a legitimate user from a criminal using an anti-detect browser and stolen session cookie data,” said Jacob Wagh, Senior Product Manager at SpyCloud. “SpyCloud’s database of recaptured breach and botnet data shows stolen session cookie data indicating a risk of fraud before the credentials connected to an associated account have even been compromised.”
Session Identity Protection gives enterprises access to stolen session data for their domain as well as third-party workforce service domains (i.e. mycompany.okta.com), so they can address this type of fraud proactively. When companies query the Session Identity Protection API, SpyCloud returns compromised cookie data associated with these domains that puts their users at risk, including the information they need to identify which accounts are vulnerable and determine how to intervene.
Even expired cookies matter: enterprises can also flag users with known compromised devices for future logins or transactions, even if the session has already expired.
Using the recaptured data provided by SpyCloud, enterprises can:
- Protect high-value accounts from bad actors using stolen cookies to mimic trusted devices and sidestep MFA
- Invalidate active sessions identified by a compromised cookie
- Proactively reach out to high-value consumers and build trust
- Flag vulnerable accounts with known compromised devices for increased scrutiny of future logins/transactions (regardless of cookie expiration time)
To learn more about Session Identity Protection, book time with our team:
Only SpyCloud has recaptured billions of stolen cookies from millions of malware-infected devices. We're the experts in using recaptured data to level the playing field with criminals.
This was amazing. We were able to respond quickly, invalidate cookies, and protect millions of customer dollars.
Trusted by market leaders
With 500+ customers around the world, including half of the Fortune 10, SpyCloud is the leader in operationalizing Cybercrime Analytics to protect businesses.
We’re on a mission to make the internet a safer place by disrupting the criminal underground. Together with our customers, we aim to stop criminals from profiting off stolen data.