Uber exposes Lapsus$ extortion group for security breach


Armed with the necessary account credentials, the attacker then tried to log in to the contractor's Uber account. Each attempt triggered a two-factor authentication request sent to the real user. After initially rejecting those requests, the contractor eventually accepted one, allowing the attacker to successfully sign in, according to Uber.
After logging in with the contractor's credentials, the attacker was able to access other employee accounts, which in turn gave them elevated privileges to numerous internal tools, including G Suite and Slack. Boasting of their success, the attacker posted a message to the company's Slack channel that stated: "I reveal I am a hacker and Uber has actually suffered a data breach." The attacker also reconfigured Uber's OpenDNS system to display a graphic image to employees on certain internal sites.
What data or details were affected by the breach?
Assessing the extent of the damage, Uber said the attacker downloaded some internal Slack messages and accessed or downloaded information from an internal tool used by the finance team to manage invoices. The attacker also accessed Uber's dashboard at HackerOne, a platform used by security researchers to report bugs. The bug reports that were accessed have since been remediated, the company added.
The attacker did not gain access to any production or public-facing systems, any user accounts, or any sensitive databases holding credit card, financial or trip information, according to Uber. Nor did they make any changes to Uber's codebase or access data stored by the company's cloud service providers, Uber added.
What did Uber do after the attack?
In response to the breach, Uber took several actions.
The company said it identified any employee accounts that were compromised or potentially compromised and either blocked their access to Uber systems or required a password reset. It disabled certain affected internal tools, reset access to many internal services, locked down its codebase to prevent any changes, and required employees to re-authenticate to internal tools. The company added that it is strengthening its multi-factor authentication policies and has set up additional monitoring of its internal environment for any suspicious activity.
Though the attack could have been more severe, and Uber has taken steps to clean up the damage, the breach points to an unfortunate reality about cybersecurity: even with the proper security tools in place, such as MFA, an organization can fall victim to a cyberattack due to the negligence of a single employee or contractor.
"There is just one solution to making push-based MFA more resistant, which is to train your employees, who utilize push-based MFA, about the typical kinds of attacks versus it, how to spot those attacks, and how to reduce and report them if they take place," said Roger Grimes, data-driven defense evangelist at KnowBe4. "If you're going to depend on push-based MFA, and truly any quickly phished MFA to protect your company, you need to aggressively inform employees. Anticipating them to manage every security scenario properly without the appropriate education is wishing and hoping, and wanting and hoping does not stop destructive hackers."
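The sequence Uber describes (a burst of push prompts the real user rejects, then one they accept) is exactly what the additional monitoring it mentions can look for. The following is an added example written for this article, not Uber's own tooling; the log format, user names and thresholds are constructed assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of identity-provider push-MFA events (not real Uber logs).
# Format: <ISO-8601 UTC timestamp> user=<id> result=<denied|approved>
SAMPLE_LOG = """\
2022-09-15T22:01:05Z user=ext-contractor result=denied
2022-09-15T22:01:40Z user=ext-contractor result=denied
2022-09-15T22:02:15Z user=ext-contractor result=denied
2022-09-15T22:03:02Z user=ext-contractor result=denied
2022-09-15T22:04:30Z user=ext-contractor result=approved
2022-09-15T22:05:00Z user=alice result=approved
2022-09-15T23:10:00Z user=bob result=denied
2022-09-15T23:45:00Z user=bob result=approved
"""

def parse_events(text):
    """Parse log lines into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
                       kv["user"], kv["result"]))
    return events

def detect_push_fatigue(events, min_denials=3, window=timedelta(minutes=10)):
    """Return (user, approval_time, denial_count) for every approval that
    follows at least `min_denials` denials inside the look-back `window`:
    the prompt-bombing sequence the article describes."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = []
    for user, seq in by_user.items():
        recent_denials = []
        for ts, result in seq:
            # drop denials that have aged out of the window
            recent_denials = [d for d in recent_denials if ts - d <= window]
            if result == "denied":
                recent_denials.append(ts)
            elif result == "approved" and len(recent_denials) >= min_denials:
                alerts.append((user, ts, len(recent_denials)))
                recent_denials = []  # one alert per burst
    return alerts

if __name__ == "__main__":
    for user, ts, n in detect_push_fatigue(parse_events(SAMPLE_LOG)):
        print(f"ALERT {user}: push approved at {ts:%H:%M:%S}Z after {n} denials")
```

A single denial followed much later by an approval (user bob above) does not trigger, while the four-denials-then-approve burst does; tune `min_denials` and `window` to your own prompt volume.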

In last week's security breach against Uber, the attackers downloaded internal messages from Slack along with information from a tool used to manage invoices.

Image: Sundry Photography/Adobe Stock
Uber has laid the blame for its recent security breach at the feet of Lapsus$, a cybercrime group that uses social engineering to target technology firms and other organizations. In an update about the security incident that Uber published on Monday, the ride-hailing company said it believes the attacker or attackers are affiliated with Lapsus$, which has been active over the past year and has hit such tech giants as Microsoft, Cisco, Samsung, NVIDIA and Okta.
How did Lapsus$ perform the attack on Uber?
In the attack against Uber, the attacker used social engineering to trick an Uber contractor into approving a two-factor login request. In this chain of events, the external contractor's personal device had most likely been infected with malware, thereby exposing the individual's account credentials. Those credentials were then sold on the dark web, where the attacker purchased them, Uber explained.
