In the early hours of March 23rd, Canadian media company LMG and its subsidiary LTT were hacked, and several of their YouTube channels, with over 15 million subscribers, were diverted into a Bitcoin scam. LMG is no novice when it comes to IT and cybersecurity: the company specializes in providing information to technology and IT enthusiasts, and its staff are highly skilled IT professionals themselves. Despite this, it took almost two days to restore functionality, and it emerged that they were the victims of a session hijack attack delivered through an infected email. The fact that experienced technology professionals can fall prey to cyber-attacks underscores the even greater risk faced by small businesses without similar expertise.
What is a session hijack attack?
A session hijack attack is a type of cyber-attack in which a hacker steals a user’s active session on a website or application. When you log into a website or application, a session is created (usually represented by a cookie or token stored in your browser) that lets you keep using the site without logging in again. A session hijack occurs when a hacker obtains that session without your knowledge, giving them the ability to see and manipulate your information. This can lead to the theft of sensitive information, such as passwords or financial data.
But I have the authentication app or text message authentication. Am I safe?
MFA, or multifactor authentication, is a valuable part of any company’s security posture. It involves registering another method of verification in addition to a password. However, a session hijack steals the already authenticated session, so it’s like handing the hacker a logged-in laptop after the password and two-factor authentication have been completed. Using an authentication app is great, but it won’t prevent this type of attack.
How do I protect myself?
Different applications expire sessions in different ways: after a set time, on a change of location or IP address, and so on. However, there is certainly room for improvement. One great way to protect your organization is a conditional access mechanism: the user must satisfy certain conditions before being granted access to data, regardless of whether they already hold an authenticated session, password, or MFA. Also, email scanning and sandboxing could have prevented the malicious email attachment from reaching the user in the first place.
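To make the expiry and conditional-access ideas above concrete, here is an added example (not code from the original post or from any product mentioned) of a server-side session store that expires sessions by age and idle time and binds each session to the client context seen at login; the fingerprint of IP address plus user agent is an assumption chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: sessions expire by absolute age and idle time, and a
# token presented from a different client context is revoked instead of
# silently accepted, forcing a fresh login (and MFA) on the new device.
MAX_AGE = 8 * 3600      # absolute lifetime in seconds
IDLE_TIMEOUT = 30 * 60  # revoke if unused for this long

def client_fingerprint(ip: str, user_agent: str) -> str:
    """Hash of the client context a session is bound to (assumed: IP + UA)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

class SessionStore:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock, so expiry can be tested
        self.sessions = {}      # token -> session record

    def create(self, user: str, ip: str, user_agent: str) -> str:
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        t = self.now()
        self.sessions[token] = {
            "user": user, "created": t, "last_seen": t,
            "fp": client_fingerprint(ip, user_agent),
        }
        return token

    def validate(self, token: str, ip: str, user_agent: str):
        """Return (user, reason); user is None when access must be refused."""
        s = self.sessions.get(token)
        if s is None:
            return None, "unknown token"
        t = self.now()
        if t - s["created"] > MAX_AGE or t - s["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[token]
            return None, "expired"
        # Conditional check: same token from a different client context means
        # the cookie was replayed elsewhere, so revoke it server-side.
        if not hmac.compare_digest(s["fp"], client_fingerprint(ip, user_agent)):
            del self.sessions[token]
            return None, "context mismatch, re-authentication required"
        s["last_seen"] = t
        return s["user"], "ok"
```

Binding to the IP address can log out legitimate users whose address changes (mobile networks, VPN reconnects), so real deployments usually weigh that friction against the hijack risk and often prefer device-based conditions.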
How can TST help?
At TST, we recognize the challenges faced by small businesses in the current IT landscape and are here to help. As your trusted experts, let us handle the ever-changing world of IT and cyber threats so that you can focus on what you do best without the added stress of IT concerns. Our priority is to ensure that your team is both productive and secure, and we’re committed to supporting your business every step of the way.