As organizations move to cloud services and multifactor authentication, cookies tied to identity and authentication give attackers a new path to compromise.