Massive Cyberattack on Uber raises many questions
By MYBRANDBOOK
A hacker gained control over Uber's internal systems after compromising the Slack account of an employee, according to the New York Times, which says it communicated with the attacker directly. Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter.
MFA Fatigue attacks are when a threat actor has access to corporate login credentials but is blocked from access to the account by multi-factor authentication. They then issue repeated MFA requests to the target until the victims become tired of seeing them and finally accept the notification.
Uber has suffered another massive security incident after 2016 and potentially may have compromised its entire network. The hacker was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including Amazon Web Services Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts. The internal systems are breached and vulnerability reports stolen.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and said they were able to gain access to Uber's Intranet after conducting a social engineering attack on an employee. The screenshots shared by the hacker, which appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain.
It is expected that the social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak. Experts are expecting that the attacker allegedly used an MFA Fatigue attack and pretended to be Uber IT support to convince the employee to accept the MFA request.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
The Uber hack demonstrates how important identity management backed by strong authentication, such as hardware security keys, are for privileged systems, and why today’s organizations need the ability to detect when attackers exploit, misuse or steal credentials.
The report says that the person who claimed responsibility for the hack said they sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.
In recent high-profile attacks against large organizations, persistent attackers can and will find a way around multi-factor authentication systems that rely solely on time-based one-time passwords or push-based authentication.
The need for compartmentalized access to critical resources, strong authentication and detection of identity-based activity is an important part of an organization's layered defenses.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Bhavish Aggarwal
Indian entrepreneur Bhavish Aggarwal is the CEO of Ola, India’s larg...
ICONS OF INDIA : RAJESH NAMBIAR
Rajesh leads the company’s India associates and enhances relationshi...
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
UIDAI - Unique Identification Authority of India
UIDAI and the Aadhaar system represent a significant milestone in Indi...
BSE - Bombay Stock Exchange
The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...