The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
EXECUTIVE SUMMARY
Silent 'Storm' Infostealer Threatens Session Security with Server-Side Decryption
Summary
The article discusses a new infostealer named "Storm" that steals browser session data (session cookies and tokens) and, instead of decrypting it on the victim's machine, sends the still-encrypted data to attacker-controlled servers for decryption. A replayed session cookie is accepted by the web application as proof of an authentication that already happened, so the attacker rides the existing session without a password or a multi-factor authentication (MFA) prompt.
Key Points
- "Storm" is a new infostealer that targets browser session data.
- The malware skips local decryption: it exfiltrates the encrypted data and decrypts it on attacker-controlled servers, so no decryption routine runs on the victim host for endpoint defenses to observe.
- Replaying the decrypted session tokens lets attackers hijack live sessions without needing the victim's password or MFA, because both were already satisfied when the session was created.
- Varonis has analyzed the infostealer's method of operation.
Analysis
The "Storm" infostealer is significant because session hijacking sidesteps the controls most organizations rely on: a stolen cookie is valid until the session expires or is revoked, regardless of password strength or MFA. Moving decryption off the endpoint removes one of the few host-side signals (a process decrypting the browser's protected storage) that detection logic could key on, leaving the theft of the browser files and the outbound transfer as the observable events. The result is unauthorized access to mail, SaaS and internal applications that looks, server-side, like the legitimate user continuing to work.
Conclusion
IT professionals should accept that decryption on an attacker's server cannot be observed and focus on what can be: on the endpoint, processes other than the browser reading the browser's cookie and credential stores, followed by outbound transfers; on the server side, a session identifier suddenly presented from a new IP address and a different browser fingerprint, or used for sensitive actions (security settings, mail-forwarding rules) outside the user's normal pattern. Shorter session lifetimes, re-authentication for sensitive actions, and prompt revocation of all sessions when an endpoint is suspected of compromise limit how long a stolen cookie stays useful. Regular updates and awareness training remain worthwhile, but they do not address a token that is valid the moment it is stolen.
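The server-side monitoring recommended above, as an added example that is not part of the article or of Varonis's analysis: a small detector that reads access-log events and flags a session identifier that is presented from a different client (new IP address and new user agent) shortly after a previous use, which is what a replayed cookie typically looks like. The log format, the session ids, and the scoring thresholds are assumptions chosen for the example; the sample lines are constructed.

```python
"""Session-reuse tripwire for web access logs.

Added example, not code from the article or from Varonis. Assumes a log line
of the form:
  <ISO-8601 UTC timestamp> sid=<hashed session id> ip=<client ip> ua="<user agent>" path=<request path>
Real deployments should hash session ids before logging, as the sample does.
"""
import re
import sys
from datetime import datetime, timedelta

# Constructed sample. Session 7f3a9c is used normally, then presented from a new
# IP *and* a different browser nine minutes later (the cookie-replay pattern).
# Session b81e22 only changes IP, which is ordinary roaming and must not alert.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z sid=7f3a9c ip=203.0.113.10 ua="Chrome/124 Windows" path=/inbox
2024-05-01T09:03:41Z sid=7f3a9c ip=203.0.113.10 ua="Chrome/124 Windows" path=/inbox/42
2024-05-01T09:12:17Z sid=7f3a9c ip=198.51.100.77 ua="Firefox/125 Linux" path=/settings/security
2024-05-01T09:30:00Z sid=b81e22 ip=192.0.2.5 ua="Safari/17 macOS" path=/inbox
2024-05-01T09:31:10Z sid=b81e22 ip=192.0.2.9 ua="Safari/17 macOS" path=/inbox/7
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" path=(?P<path>\S+)$'
)

# Assumed weights: a user-agent change on a live session is rare for a real
# user, an IP change alone is common (mobile networks, VPN toggles).
SCORE_IP_CHANGE = 1
SCORE_UA_CHANGE = 2
ALERT_THRESHOLD = 2


def parse_line(line):
    """Parse one access-log line into a dict, or return None for lines that do
    not match the assumed format (malformed input must not crash the detector)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_session_reuse(lines, window=timedelta(hours=1)):
    """Return a list of alerts, one per event whose session id was last seen
    within `window` from a client that differs enough to cross the threshold.

    Only the most recent use of each session is kept, so the detector runs in
    one pass over the log and in memory proportional to the number of live
    sessions rather than to the log size."""
    last_seen = {}
    alerts = []
    for raw in lines:
        event = parse_line(raw)
        if event is None:
            continue
        prev = last_seen.get(event["sid"])
        if prev is not None and event["ts"] - prev["ts"] <= window:
            score = 0
            if event["ip"] != prev["ip"]:
                score += SCORE_IP_CHANGE
            if event["ua"] != prev["ua"]:
                score += SCORE_UA_CHANGE
            if score >= ALERT_THRESHOLD:
                alerts.append({
                    "sid": event["sid"],
                    "ts": event["ts"].isoformat(),
                    "from": (prev["ip"], prev["ua"]),
                    "to": (event["ip"], event["ua"]),
                    "path": event["path"],
                    "score": score,
                })
        last_seen[event["sid"]] = event
    return alerts


if __name__ == "__main__":
    # Reads a log from stdin if one is piped in, otherwise uses the sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for alert in detect_session_reuse(source):
        print(f"ALERT session {alert['sid']} at {alert['ts']}: "
              f"{alert['from']} -> {alert['to']} requesting {alert['path']}")
```

Run it with `python3 detector.py < access.log`, or with no input to see the constructed sample produce one alert for session 7f3a9c and none for b81e22. The user-agent check is a tripwire, not a guarantee: an attacker who also copies the victim's user-agent string will only trigger the IP score, so in production this signal belongs alongside geolocation or ASN comparison and, where the application supports it, binding the session to the device that created it.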