Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments
Varonis News, Friday, April 25th, 2025
Silent and undetectable initial access is the cornerstone of a successful cyberattack. MFA is designed to thwart such unauthorized access, but attackers are constantly evolving their techniques to bypass these defenses.
Varonis Threat Labs researchers uncovered techniques that attackers use to bypass MFA with stolen browser cookies. By leveraging custom-made malicious browser extensions and automation scripts, attackers can extract and reuse authentication cookies to impersonate users without needing credentials, while maintaining persistence.