Infostealers: How attackers are stealing your cookies and bypassing MFA

A few months ago, the Snowflake breach shone a light on the threats posed by infostealers. In it, 80% of the credentials used were seen in infostealer infections dating back to 2020. Naturally, the fact that the credentials that facilitated one of the largest breaches in history were just sitting around on the internet is seriously alarming.  

Attackers are also increasingly using infostealers to steal authenticated user sessions, bypass MFA and take over corporate accounts. From there, they can access and steal sensitive data, take over critical functionality, and pivot to conduct more traditional attacks like deploying ransomware.

Join Luke Jennings, VP R&D at Push Security, as he rolls up his sleeves to demonstrate: 

• How attackers use infostealers to steal sessions and compromise MFA-protected services like M365.
• How attackers use residential VPNs to bypass conditional access policies.
• How downstream SaaS app sessions can be stolen to avoid the need to access highly protected IDPs like Microsoft and Okta.

Luke will showcase a range of tools to show what infostealers actually do when they run on your machine, and break down how stolen data can be used to target downstream apps and services. 

He’ll also take you through the key families of infostealers as well as open source examples to demonstrate how they work under the hood – and explore if it really is that easy to use a stolen session cookie to hijack a session after all!