Massive Cyberattack on Uber raises many questions
By MYBRANDBOOK
A hacker gained control over Uber's internal systems after compromising the Slack account of an employee, according to the New York Times, which says it communicated with the attacker directly. Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter.
MFA Fatigue attacks are when a threat actor has access to corporate login credentials but is blocked from access to the account by multi-factor authentication. They then issue repeated MFA requests to the target until the victims become tired of seeing them and finally accept the notification.
Uber has suffered another massive security incident after 2016 and potentially may have compromised its entire network. The hacker was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including Amazon Web Services Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts. The internal systems are breached and vulnerability reports stolen.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and said they were able to gain access to Uber's Intranet after conducting a social engineering attack on an employee. The screenshots shared by the hacker, which appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain.
It is expected that the social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak. Experts are expecting that the attacker allegedly used an MFA Fatigue attack and pretended to be Uber IT support to convince the employee to accept the MFA request.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
The Uber hack demonstrates how important identity management backed by strong authentication, such as hardware security keys, are for privileged systems, and why today’s organizations need the ability to detect when attackers exploit, misuse or steal credentials.
The report says that the person who claimed responsibility for the hack said they sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.
In recent high-profile attacks against large organizations, persistent attackers can and will find a way around multi-factor authentication systems that rely solely on time-based one-time passwords or push-based authentication.
The need for compartmentalized access to critical resources, strong authentication and detection of identity-based activity is an important part of an organization's layered defenses.
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
FIRE BOLTT
CENTRE FOR DEVELOPMENT OF TELEMATICS (C-DOT)
TATA CONSULTANCY SERVICES
MICROTEK INTERNATIONAL PVT. LTD.
ICONS OF INDIA : SANJAY GUPTA
Sanjay Gupta is the Country Head and Vice President of Google India an...
Icons Of India : Arjun Malhotra
Arjun Malhotra, the Chairman of Magic Software Inc., is widely recogni...
Icons Of India : Anil Agarwal
Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...
CSC - Common Service Centres
CSC initiative in India is a strategic cornerstone of the Digital Indi...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks
Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...