What is Hijacking?
Session hijacking, the takeover of an authenticated session, can occur in several contexts:
- Web browsing: Attackers can steal session cookies to access a user’s online accounts (banking, email, social media).
- Remote Desktop Protocol (RDP): Hijacking an RDP session allows unauthorised access to a remote computer.
- Microsoft Azure Active Directory (Azure AD): While less common, hijacking Azure AD sessions could grant access to cloud-based resources.
Key components
- Session identifiers (tokens, cookies): These are vulnerable to interception if not properly secured.
- Communication channels: Unsecured networks (public Wi-Fi) make it easier for attackers to steal session data.
- User authentication mechanisms: Weak passwords or lack of multi-factor authentication (MFA) increase the risk of hijacking.
How Microsoft tackles hijacking
Microsoft offers several features to combat session hijacking:
- Azure AD Multi-Factor Authentication (MFA): Adds an extra layer of security beyond passwords.
- HTTPS enforcement: Encrypts communication between web browsers and servers, making it harder to steal session tokens.
- Secure coding practices: Microsoft prioritises secure coding practices in its products to minimise vulnerabilities.