In the world of business security, awareness is the first line of defense. Today, we explore a critical alert for the hotel industry: the “Inhospitality” campaign. This malicious endeavor, unearthed by the vigilant eyes at Sophos, a renowned security firm, underscores the importance of vigilance in the face of increasingly sophisticated cyber threats.
The Campaign’s Modus Operandi
A Deceptive Approach: Cybercriminals, exploiting the busy holiday travel season, are targeting hotels worldwide with a nefariously clever phishing campaign. The tactic? Sending emails mimicking complaints or information requests to hospitality workers.
The Lure: These emails range from grievances about service issues to queries aiding future bookings. The creativity in crafting these complaints is alarming – from alleged incidents of diseases, allergic reactions, to suspicions of staff misconduct.
The Trap: When a hotel representative responds, the cybercriminals reply with a message containing malicious links under the guise of supporting documentation.
The Execution: These links lead to public cloud storage services like Google Drive, Mega.nz, or Dropbox. Victims are tricked into downloading malware-laden, password-protected archive files.
Examples of Sophistication
Emotional Manipulation: In one instance, a threat actor feigned a quest for a lost camera containing photos of a deceased relative, preying on the hotel employees’ empathy.
Exploiting Vulnerabilities: Another instance involved a fabricated story of booking rooms for a family member with a disability, complete with fake medical recommendations.
A Pattern of Deception
This isn’t an isolated strategy. Similar tactics were used against tax firms in the US, particularly around the federal tax filing deadline in April 2023.
The Implications for Your Business
Why It Matters: The hospitality sector, bustling and service-oriented, is particularly vulnerable to such social engineering attacks. The drive to provide excellent customer service can inadvertently lead to lowered guards against such sophisticated threats.
ISO 27001 and GDPR Compliance: Implementing robust information security management systems compliant with standards like ISO 27001, and adhering to GDPR, is crucial in safeguarding sensitive data.
Xiphos: Your Shield Against Cyber Threats
At Xiphos, we specialize in fortifying businesses against such threats. Our comprehensive Business Security and Resilience program provides essential tools and education to tackle these challenges head-on. We offer:
Education and Training: Over 500 courses to enhance your team’s awareness and response to cyber threats.
Incident Management Support: Expert guidance in handling and recovering from security incidents.
ISO 27001 and GDPR Implementation: Ensuring your business is compliant and secure.
1-on-1 Support and Q&A Sessions: Tailored assistance to address your specific security needs.
Conclusion
The “Inhospitality” campaign is a stark reminder of the ever-evolving landscape of cyber threats. Protecting your business is not just about technology; it’s about awareness, preparedness, and resilience. At Xiphos, we are committed to helping you achieve this. Visit our Business Security and Resilience program to learn more and safeguard your organization against such sophisticated threats.
For inquiries and assistance in fortifying your business security, contact us at Xiphos. Together, we can ensure your protection against such pernicious threats.
Today, ransomware stands out as a particularly insidious challenge for businesses across the globe. Almost all Cybersecurity reports highlights ransomware as the top threat to small and medium businesses and enterprises in various sectors, including financial, healthcare, retail, manufacturing, and more. This concern is amplified by the fact that many ransomware attacks go unreported, meaning the actual scale of the problem could be much larger than perceived.
Ransomware’s Evolving Methods
Cyber criminals now have access to Ransomware as a Service (RaaS) and Initial Access Brokers (IAB) that exemplify the sophistication and adaptability of ransomware threats. These subscription-based models allow for the sale of infiltrated corporate resources and ransomware tools to cybercriminals. Furthermore, cloud-based ransomware, which targets SaaS applications, poses an increasing threat. U.S. and EU based companies are often prime targets, irrespective of the ransomware type/group/strain.
Legal Implications
Governments globally, especially in the U.S. and the EU, have taken a firm stance against the payment of ransoms in response to cyberattacks, underpinned by rigorous laws and regulations. In the United States, a landmark 2020 ruling by the Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) explicitly states that the majority of ransom payments are illegal. This ruling is part of a broader effort to deter cybercriminal activities and to cut off a vital funding source for these illegal operations.
In the European Union, the approach to combating ransomware is equally stringent. The NIS Directive, DORA, and GDPR empower EU member states to impose substantial fines on entities that pay ransoms, particularly when it involves “essential services.” or “personal data”. This directive is a key component of the EU’s broader cybersecurity strategy, which aims to enhance the security and resilience of network and information systems across the Union.
Furthermore, the EU’s Digital Operational Resilience Act (DORA) and the General Data Protection Regulation (GDPR)play pivotal roles in shaping the cybersecurity landscape. DORA focuses on ensuring that the financial sector, crucial to the EU’s economy, is capable of withstanding, responding to, and recovering from all types of ICT-related disruptions and threats. GDPR, on the other hand, emphasizes the protection of personal data and imposes hefty penalties for data breaches, which can be a consequence of ransomware attacks. These regulations collectively create an environment where paying ransoms is not only discouraged but can also lead to significant legal and financial repercussions.
In the U.S., similar regulations and standards are in place. Besides the OFAC and FinCEN directives, other frameworks and laws, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare data, and various state-level data breach laws, contribute to an overarching structure that aims to reduce the incentives for ransomware attacks by making payments illegal and punishable.
The combined effect of these regulations in both the U.S. and EU is to encourage organizations to invest more in preventative measures rather than capitulating to ransom demands. This approach aims to reduce the profitability of ransomware for cybercriminals, hoping to diminish the frequency and impact of these attacks. However, it also places a significant burden on businesses and organizations to bolster their cybersecurity defenses and to ensure compliance with an increasingly complex web of regulations and laws.
The Ethical and Brand Considerations
Paying ransomware demands can often leads to regulatory fines, especially in cases involving sensitive personal data under regulations like HIPAA and GDPR. There’s also a severe impact on a brand’s perceived trustworthiness, potentially affecting market position and investor confidence. Paying the ransom doesn’t guarantee data recovery, and there’s always the risk that attackers may return.
Financial and Operational Ramifications
High-profile cases like JBS Foods and Colonial Pipeline, which paid substantial ransoms, highlight the complex decision-making involved in responding to ransomware attacks. The aftermath of such decisions can have wide-ranging operational, legal, financial, and brand implications.
The Technical Response to Ransomware
Businesses face significant technical challenges in both preventing and responding to ransomware attacks. The importance of an integrated cybersecurity approach is evident, emphasizing the need for regular backups, patch updates, and comprehensive cybersecurity education and practices.
A Proactive Approach
To counter these threats, businesses must adopt a holistic approach to cybersecurity and cyber resilience. Tools like Endpoint Security, Web and Mail Security can help defend your organization from these threats.
The Bottom Line
While the consensus among security experts leans towards not paying ransoms, each situation is unique and warrants a thorough assessment by security professionals and legal counsel. The key is to prepare for potential security breaches and have a clear plan for the aftermath of an attack, emphasizing the importance of cyber resilience in the business environment.
Remember, the best way to defend against ransomware is through a multi-layered approach that includes both proactive measures and reactive strategies:
Education and Awareness: Regularly train employees on cybersecurity best practices. This should include recognizing phishing emails, avoiding suspicious links and attachments, and understanding the importance of not sharing personal or company information.
Robust Backup Systems: Implement a robust backup strategy, following the 3-2-1 rule – keep at least three copies of your data, two on different storage types, and one offsite or in the cloud. Regularly test these backups to ensure they work correctly.
Update and Patch Systems: Keep all software and operating systems up to date. Regularly patching known vulnerabilities prevents attackers from exploiting them to infiltrate your network.
Implement Advanced Security Solutions: Utilize advanced cybersecurity tools like antivirus software, firewalls, and intrusion detection systems. Consider endpoint detection and response (EDR) solutions for more comprehensive protection.
Access Control and Privilege Management: Limit user access only to the resources necessary for their role. Use strong passwords and consider implementing multi-factor authentication for an added layer of security.
Incident Response Planning: Have a clear and tested incident response plan in place. This should include steps to isolate infected systems, communicate with stakeholders, and restore operations from backups.
Regular Security Audits and Assessments: Conduct regular security audits and vulnerability assessments to identify and address potential security gaps in your network.
Collaboration with Security Experts: Engage with cybersecurity experts or consult a managed security service provider for specialized knowledge and support.
Stay Informed: Keep abreast of the latest cybersecurity threats and trends. This knowledge can help in adapting your security strategy to counter new types of ransomware and other evolving threats.
Legal and Compliance Considerations: Be aware of legal and compliance requirements related to cybersecurity in your region. This includes understanding any implications of paying ransoms and reporting requirements for cyber incidents.
By implementing these strategies, organizations can significantly reduce their risk of a ransomware attack and be better prepared to respond if an attack occurs.
Analyzing the Prospects of Banning Ransomware Payments: A Multifaceted Approach
In the face of escalating ransomware threats, the idea of legislating a ban on ransom payments presents a multifaceted challenge. Such a law would have significant implications for businesses, law enforcement, and the tactics of cybercriminals. For organizations, a legal prohibition on paying ransoms could lead to a short-term decrease in revenue for ransomware groups, especially in regions enforcing the ban. This compliance, however, might also push these criminal entities to redirect their focus to countries without such restrictions, potentially impacting their income negatively due to a shift from high-value Western targets.
For businesses, especially those without robust cybersecurity measures, this scenario could mean losing access to critical data permanently and risking operational collapse. In an environment where paying the ransom is illegal, these unsecured businesses face a stark choice: lose their data (and possibly their entire business) or break the law. On the enforcement front, governments would grapple with significant obstacles, particularly in tracing and regulating cryptocurrency transactions – the common medium for ransom payments. Despite recent advances in the regulation of illicit crypto activities, the task of distinguishing illegal transactions remains daunting due to the inherent challenges of blockchain technology.
Adaptability is a hallmark of ransomware groups, and a ban on ransom payments would likely trigger a shift in their tactics. These groups might pivot to other forms of cybercrime, such as data theft for extortion or direct financial theft, targeting businesses in jurisdictions without a payment ban. Additionally, there is the potential for these groups to adopt more covert methods, reducing transparency in their operations and making tracking and enforcement more challenging. This could lead to a new form of double extortion, where businesses are quietly threatened with data exposure after illicit payments, driving these criminal activities further underground. The result could be a murky landscape where the activities of ransomware groups become more difficult to trace, presenting new challenges for cybersecurity defense and law enforcement.
Conclusion
As the adage goes, prevention is indeed better than cure. Ensuring robust protection for your business is paramount, and if you find yourself in need of guidance to bolster your cybersecurity measures, don’t hesitate to reach out for assistance. We’re here to support you and offer a free consultation to address your security concerns. You can schedule your consultation at Xiphos Security Portal.
In the ever-evolving world of technology, attackers innovate at an alarming pace. With the dawn of the AI era, the line between machine and human deception blurs. But can AI truly match the deceptive prowess of the human mind in the realm of phishing? Securityintelligence.com gives the answer.
The Experiment: Machines vs. Minds
AI’s Power Play Imagine a world where AI competes with humans in crafting the perfect phishing email. Our experiment began with this premise. The results were startling: with just five prompts, the AI crafted a phishing email in a mere five minutes. When juxtaposed with the human average of 16 hours, the efficiency gains for attackers using AI become undeniable.
Question: How did the AI fare against seasoned human social engineers in effectiveness? Answer: While it didn’t outdo human-crafted emails, it was alarmingly close, a sign of things to come.
Round One: AI’s Assault
The AI was given a set of five prompts and tasked with generating phishing emails tailored to the healthcare sector. By strategically focusing on the industry’s primary concerns, the AI employed a blend of social engineering and marketing techniques aimed at maximizing engagement.
Example: An AI-crafted email focused on “Career Advancement” might impersonate an “Internal Human Resources Manager” and use social engineering techniques like “Trust” and “Authority” to convince employees to click on a link.
Round Two: The Human Touch
Human experts, on the other hand, relied on a mix of creativity, psychology, and open-source intelligence (OSINT) to craft their phishing emails. Their method added an authentic touch, often hard for machines to replicate.
Question: What made the human-crafted emails more effective? Answer: Emotional intelligence, personalization, and succinct subject lines played a pivotal role in its higher success rate.
The Verdict: A Narrow Escape
Humans narrowly outperformed AI, but the margin was slim. With AI’s rapid advancements, it’s evident that we’re on the cusp of a new era in cyber threats.
Prepping for the Future: Stay Guarded
With the looming AI threat, how can businesses and individuals stay prepared?
Always Double-Check: Unsure of an email’s authenticity? Reach out to the sender directly.
Grammar Isn’t Everything: Perfectly written emails can still be malicious. Stay vigilant.
Evolve Training Programs: Introduce techniques like vishing to address the changing threat landscape.
Stay Ahead: Continuously adapt and innovate to stay ahead of cyber threats.
Did you know? Even with perfect grammar, longer emails can be a hallmark of AI-generated content. They can serve as a red flag for potential phishing threats.
Final Thoughts
The intersection of AI and phishing is a call to action for a paradigm shift in our cybersecurity approaches. By embracing change and staying vigilant, we can ensure a safer digital future.
Stay Protected with Xiphos Given the topic of this article, it’s crucial for businesses to fortify their cyber defenses. Check out our ISO 27001 services to establish a robust information security framework. Let Xiphos be your guide in navigating the complex world of cyber threats.
The rapid evolution of malware and cyber threats is a growing concern for businesses across the globe. A recent discovery by Kaspersky has unveiled a sophisticated cross-platform malware framework called StripedFly. This malware successfully remained undetected for five years, infecting over a million Windows and Linux systems.
Malware Overview:
Origins: StripedFly’s activity traces back to 2017. Initially, it was misclassified as a mere Monero cryptocurrency miner. However, its capabilities far exceed simple cryptocurrency mining.
Attributes: The malware is recognized for its advanced TOR-based traffic concealing mechanisms, automatic updates from trusted platforms, and its ability to spread like a worm. Notably, it features a custom EternalBlue SMBv1 exploit. The level of sophistication suggests it’s an APT (advanced persistent threat) malware.
Discovery: Kaspersky’s researchers identified StripedFly by detecting its shellcode in the WININIT.EXE process of the Windows OS. Upon deeper investigation, they uncovered its complex mechanisms of downloading and executing files, including PowerShell scripts, from legitimate hosting services like Bitbucket, GitHub, and GitLab.
Spread Mechanism: Infected devices were likely compromised using a custom EternalBlue SMBv1 exploit targeting exposed computers. The malware uses a custom lightweight TOR network client for encrypted communications, can disable the SMBv1 protocol, and spreads to other Windows and Linux devices using SSH and EternalBlue.
Persistence: For persistence on Windows, StripedFly varies its behavior based on privilege levels and the presence of PowerShell. On Linux, it disguises itself as ‘sd-pam’ and achieves persistence using various methods.
Modules and Operations:
StripedFly operates with a versatile set of modules, some of which include:
Configuration Storage: For encrypted malware configuration storage.
Upgrade/Uninstall: Manages malware updates or removal.
Credential Harvester: Collects sensitive user data, including passwords and usernames.
Recon Module: Sends detailed system information to the C2 server.
Monero Mining Module: Mines Monero, disguised as a “chrome.exe” process.
These modules allow StripedFly to act as an APT, crypto miner, and potentially even a ransomware group. The presence of a Monero crypto miner, which has seen fluctuating values over the years, is believed to be a diversion tactic. The main objective of the threat actors is likely data theft and system exploitation.
Protecting Your Business:
Understanding the intricacies of such advanced threats is paramount for businesses aiming to safeguard their digital assets. With threats like StripedFly lurking in the digital realm, it’s crucial to have a robust information security management system in place. Additionally, adhering to standards such as ISO 27001 can further bolster your organization’s defenses against such sophisticated attacks.
This is a reminder of the stealthy threats that can go undetected for extended periods. It’s essential to invest in comprehensive security solutions and to stay updated with the latest threats. At Xiphos, we offer tailored services in information security management, risk management, and more to help businesses ensure their protection against such threats. Reach out to us today to fortify your defenses.
In a disclosure that shakes the bedrock of trust in network security, Cisco has recently alerted the public to a critical zero-day vulnerability in its IOS XE software. The vulnerability—officially tracked as CVE-2023-20198—exposes a multitude of late-model Cisco devices to potential full-scale compromises. Cisco’s Talos security team has already observed active exploits in the wild, accentuating the immediacy of the threat.
The Vulnerability
This glaring vulnerability resides in the web UI feature of the IOS XE software. It can be exploited on any device that operates HTTP or HTTPS Server functionalities. First flagged in late September, the full gravity of the issue was not clear to Cisco until October 12, when unauthorized local user account creation was observed from a suspicious IP address.
The exploitation methodology involves the “implant” of a configuration file on the targeted device. This implant takes effect upon a web server restart. Intriguingly, the implant has been delivered using both a known secondary vulnerability and another mechanism that remains undetermined, according to the Talos team.
The Potential Consequences
The severity of the flaw can hardly be overstated: it allows remote attackers to establish fully functional admin accounts, providing a virtual carte blanche to manipulate the compromised devices. Michelle Abraham, IDC research director, warns that the possibilities are extensive—from deploying the router in a DDoS attack to intercepting or altering network traffic. Even more alarming is the capability to insert malicious firmware for sustained backdoor access.
Cisco’s Recommendations
While a security patch is still under development, Cisco has issued strong recommendations for users to disable HTTP/S server features on potentially vulnerable devices. The company’s threat advisory offers guidelines on how to check the presence of HTTP/S servers as well as the malicious implant. According to Cisco, restricting access from untrusted hosts and networks to the HTTP Server feature via access lists has been deemed an effective mitigation strategy.
Identifying the Threat Actors
The identity of the entities exploiting this vulnerability remains elusive. Yet, irrespective of who is behind these actions, the critical nature of the vulnerability mandates swift and decisive action to safeguard the integrity of organizational networks.
In an unsettling revelation that underscores the potential vulnerabilities even in reputed platforms, Google has been discovered hosting a malicious advertisement that’s astoundingly convincing. The fraudulent ad masquerades as a promotion for the popular open-source password manager, Keepass. Adding to the credibility of the scam, clicking on the advertisement directs users to a website that appears to be the official Keepass site at first glance. This two-pronged scheme combines the trustworthiness attributed to Google’s ad platform and an almost identical URL to craft a near-perfect illusion.
The Sophistication of the Deception
On an initial inspection, the advertisement and the website it leads to seem entirely legitimate. The URL, ķeepass[.]info, appears genuine, especially when viewed in a browser’s address bar. However, on closer scrutiny, it’s evident that the website is fraudulent. The URL is an encoded representation of xn--eepass-vbb[.]info, which propagates a malware family known as FakeBat.
The encoding technique leveraged here is called punycode. This method allows for the incorporation of unicode characters into standard ASCII text. In this instance, it creates a subtle, easily overlooked comma-like figure below the ‘k’ in the URL. This little detail is even more challenging to detect when the URL is supported by a valid TLS certificate, as was the case here.
The Accountability of Established Platforms
The disturbing fact is that the fraudulent ads were sponsored by a verified advertiser, Digital Eagle, according to Google’s Ad Transparency Center. This raises critical questions about the robustness of the verification processes in place, even on platforms that command a high level of trust. Google has yet to respond to queries about this issue, although it has stated in the past that it takes down fraudulent ads as quickly as possible upon discovery.
No Foolproof Detection Yet
Unfortunately, there is no definitive mechanism to identify malicious Google ads or punycode-encoded URLs currently. All major browsers mislead the user to the imposter site when the URL is entered. While a manual inspection of the TLS certificate may offer some assurance, this method is not always feasible for lengthy URLs.
Towards a More Secure Future
In an era where technological advancements are enabling increasingly sophisticated cyber threats, businesses and individuals alike must cultivate a culture of heightened vigilance. More than ever, it’s vital to exercise caution and scrutinize every interaction, no matter how trustworthy the source may appear.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
__cf_bm
1 hour
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
apbct_headless
never
Cleantalk set this cookie to detect spam and improve the website's security.
apbct_page_hits
never
CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site.
apbct_pixel_url
never
Clean Talk sets this cookie to make WordPress anti-spam cookies, e.g., spam on forms and comments.
apbct_site_landing_ts
never
CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site.
apbct_urls
never
CleanTalk Spam Protect sets this cookie to prevent spam on our comments and forms and acts as a complete anti-spam solution and firewall for this site.
apbct_visible_fields
never
CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics
1 year
Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional
1 year
The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
1 year
Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others
1 year
Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance
1 year
Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent
1 year
CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
ct_has_scrolled
never
CleanTalk sets this cookie to store dynamic variables from the browser.
ct_pointer_data
never
CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site.
ct_timezone
never
CleanTalk–Used to prevent spam on our comments and forms and acts as a complete anti-spam solution and firewall for this site.
rc::a
never
This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c
session
This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy
1 year
The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
ct_checked_emails
never
Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_checkjs
never
Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_fkp_timestamp
never
Clean Talk sets this cookie to prevent spam on the site's comments or forms.
ct_ps_timestamp
never
Clean Talk sets this cookie to prevent spam on the site's comments or forms.
yt-player-headers-readable
never
The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available
session
The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed
session
The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period
session
The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app
session
The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name
session
The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY
never
The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*
1 year 1 month 4 days
Google Analytics sets this cookie to store and count page views.
ct_screen_info
never
CleanTalk sets this cookie to complete an anti-spam solution and firewall for the website, preventing spam from appearing in comments and forms.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
VISITOR_INFO1_LIVE
6 months
YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA
6 months
YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC
session
Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId
never
YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.