Try for free
    31.01.2022

    Cookies and Data Security

    When we visit a new site that we have not visited before, a window pops up prompting us to accept the use of cookies, and in 99% of cases, we accept. But do we know what it means?

    Cookies have been a part of the Internet almost from the very beginning, but many people still do not know what they are, why they should or should not be accepted. In 2011, the EU adopted the law “About Cookies”, since that time, first all EU countries, and then many others, have committed to asking users for permission to use cookies when working with content.

    What are cookies?

    Basically, cookies are a piece of code that tracks users' online activity on a website. The vast majority of cookies do not pursue malicious purposes, but only provide convenient use of the Internet platform, for example, leave the user logged in or remember the data entered in the forms so that later they can be inserted automatically.

    However, tracking cookies can be more aggressive and track the user's browsing history, location, and type of device used. All mentioned data particles make up a personal portrait of the user with his personal information, which hardly anyone wants to share. This data may be transferred to a "third party" – third-party software such as, for example, Google Analytics. Actually, that is why cookies have recently caused a resonance in the information security community, and the largest Internet platforms refuse cookies or are working on a form for quickly refusing cookies.

    Cookies and information security

    As already mentioned, in general, cookies are harmless, but nowadays more and more people are trying to delve into the issues of their information security, so the question of the need to use cookies has been put on the agenda. On the one hand, staying logged in on the site, moving between resources, automatically inserting information about yourself into the form, not entering the captcha key many times saves time. But, on the other hand, maybe it's better not to accept cookies and stay incognito on the site, or at least not let the resource remember password information in order to stay more secure? Next, we will talk about the most popular trap cookies, through which user information can easily fall into the hands of intruders.

    Fake cookie requests. Such requests can either duplicate the “accept cookies” pop-up window or replace it altogether. Website owners usually do not immediately notice the substitution, because fake cookie requests do not differ from real ones, and the user clicks on both. Attackers hack the platform code, insert fake cookie permission requests and collect user data for the purpose of further resale or extortion.

    Cross-site request forgery. With this type of fraud, users fall for a fake request by going to another site using a link from the previous one. For example, when making an online purchase, the main site redirects us to a new payment page, where we again offer to accept cookies. Naturally, the second pop-up window with the request is fake and, in addition to collecting personal information about the user, the attacker will also receive financial data from the payment page.

    Session hijacking is an attack in which an attacker steals a user's active session on a website in order to gain unauthorized access to activities and information on that website. Session hijacking requires the attacker to determine the session ID. The session ID can be stolen from the user's browser cookies, often through cross-site activity monitoring. When transmitted, the session ID can be observed by listening to network traffic, which is sent with every request to the server.

    How to prevent tracking cookies?

    Internet users can prevent cookie pop-ups by simply turning on the ‘Do Not Track’ feature in their browser settings. You can also clear cookies by clearing your browsing history. Another alternative is to install an ad blocker as standalone software or download browser extensions that track ads and spam information. These methods are generally considered reliable for protecting user data. Some sites provide a “do not track data” feature when you visit, for example, on Twitter you can choose this configuration and not have to worry about spam and cookie requests.

    How can corporate employees deal with the risks associated with cookies?

    In addition to the above methods of protection, management is advised to attend to the installation of a DLP system. A DLP system is a software solution for protecting confidential company data, since company data passes through employees, their data also needs to be well protected. Falcongaze's DLP SecureTower is a functional system that controls all user communication channels.

    Where do we most often accept cookies? When visiting various Internet resources. And fake requests to accept cookies can lurk in phishing and spam messages, which, in turn, are very often transmitted by e-mail, messengers and social networks, and cloud storage.

    SecureTower controls all mail transmitted via MAPI, POP3, SMTP, IMAP, HTTP + mail from external mail services such as Gmail, Mail.ru, Yandex.Mail. The system automatically analyzes the text of messages, sent files and images for the presence of confidential information in them. Also, SecureTower can block the sending of messages by analyzing text content and attachments.

    Most popular messengers are also controlled: Skype, Viber, Telegram, WhatsApp, Zoom, and others. The system automatically analyzes messages, sent files and images, voice messages and calls for the presence of confidential information.

    SecureTower controls modern social networks: Vkontakte, Facebook, Twitter, LinkedIn, Instagram, Odnoklassniki and others. The sent messages, files and images, voice messages and calls are analyzed for the presence of private data. The DLP system also controls the communication of employees in blogs, online chats, forums, etc.

    Conclusion

    Cookies themselves are not considered harmful and destructive, but in 2022, attackers have learned to fake requests to accept cookies, now they are literally indistinguishable from real ones. The most dangerous thing that cookies are fraught with is fixing the user's personal information, which, falling into the hands of fraudsters, is resold to third parties or from an auction, not to mention targeted attacks on superusers. Now cookies are no longer so welcomed by the Internet community, therefore, in order not to be convicted of forcing users to accept cookies, many companies began to massively offer, along with "accept cookies", the "do not track data" form.

    It is easy to protect a computer from any type of attacks using relevant software, so managers who pay attention to the information security of their business should better think about installing a DLP system that will solve many problems related not only to cookies, but also to information protection in general.

    Important publications

    The SecureTower DLP system

    • Protection against data leaks caused by employees
    • Control of employees' work on computers
    • Identification of potentially dangerous employees (risk analysis)