The Uber Hack's Devastation Is Only Beginning to Reveal Itself

On Thursday evening, ride-share giant Uber confirmed that it was responding to a cybersecurity incident and was contacting police about the breach. An entity that claims to be an individual 18-year-old hacker took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. The attacker reportedly posted, "Hi @here I announce I'm a hacker and Uber has suffered a data breach," in a channel on Uber's Slack on Thursday night. The Slack post also listed several Uber databases and cloud services that the hacker claimed to have breached. The message reportedly concluded with the sign-off, "uberunderpaisdrives."

The company temporarily took down access on Thursday evening to Slack and some other internal services, according to The New York Times, which first reported the breach. In a midday update on Friday, the company said that internal software tools taken down as a precaution yesterday are coming back online. Invoking time-honored breach-notification language, Uber also said on Friday that it has no evidence that the incident involved access to sensitive user data (like trip history). Screenshots leaked by the attacker, though, indicate that Uber's systems may have been deeply and thoroughly compromised and that anything the attacker didn't access may have been the result of limited time rather than limited opportunity.

"It's disheartening, and Uber is certainly not the only company that this approach works against," says offensive security engineer Cedric Owens of the phishing and social engineering tactics the hacker claimed to use to breach the company. "The techniques mentioned in this hack so far are pretty much like what a lot of red teamers, myself included, have used previously. So, unfortunately, these kinds of breaches no longer surprise me."

The attacker, who could not be reached by WIRED for comment, claims they first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. After more than an hour, the attacker claims, they contacted the same target on WhatsApp pretending to be an Uber IT person and saying that the MFA notifications would stop once the target approved the login.

Such attacks, sometimes referred to as MFA fatigue or exhaustion attacks, take advantage of authentication systems where account owners can simply approve a login through a push notification on their device rather than through other means, such as providing a randomly generated code. MFA-prompt phishes have become more and more popular with attackers. And in general, hackers have increasingly developed phishing attacks to work around two-factor authentication as more companies deploy it. The recent Twilio breach, for instance, illustrated how dire the consequences can be when a company that provides multifactor authentication services is itself compromised. Organizations that require physical authentication keys for logins have had success defending themselves against such remote social engineering attacks.
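The pattern described above (a run of ignored or rejected push prompts followed by one approval) is something defenders can look for in authentication logs. The following is an added example, not part of the original article: the event fields, result values, thresholds and sample events are all assumptions constructed for illustration and would need mapping to a real MFA provider's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (time, user, push result); not real log data.
SAMPLE_EVENTS = [
    ("2022-01-01T21:00:00", "alice", "approved"),  # ordinary one-prompt login
    ("2022-01-01T09:00:00", "carol", "denied"),    # one mis-tap, then approve
    ("2022-01-01T09:01:00", "carol", "approved"),
    ("2022-01-01T22:00:00", "bob", "denied"),      # prompts for over an hour
    ("2022-01-01T22:12:00", "bob", "timeout"),
    ("2022-01-01T22:25:00", "bob", "denied"),
    ("2022-01-01T22:40:00", "bob", "timeout"),
    ("2022-01-01T22:55:00", "bob", "denied"),
    ("2022-01-01T23:05:00", "bob", "timeout"),
    ("2022-01-01T23:10:00", "bob", "approved"),    # target finally gives in
    *[(f"2022-01-01T08:0{m}:00", "dave", "denied") for m in range(5)],
    ("2022-01-02T08:00:00", "dave", "approved"),   # a day later: burst expired
]

def detect_push_fatigue(events, window=timedelta(hours=2), min_rejected=5):
    """Flag approvals preceded by >= min_rejected unapproved pushes in window."""
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerts = []
    for ts, user, result in sorted(events):  # ISO timestamps sort in time order
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        while prompts and now - prompts[0] > window:
            prompts.popleft()  # drop prompts older than the window
        if result != "approved":
            prompts.append(now)
            continue
        if len(prompts) >= min_rejected:
            alerts.append({
                "user": user,
                "approved_at": ts,
                "prior_prompts": len(prompts),
                "first_prompt": prompts[0].isoformat(),
            })
        prompts.clear()  # an approval ends the current run either way
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a reason to revoke the resulting session and contact the user out of band; it does not replace phishing-resistant authenticators such as the physical keys mentioned above.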

The phrase "zero trust" has become a sometimes meaningless buzzword in the security industry, but the Uber breach seems to at least show an example of what zero trust is not. Once the attacker had initial access inside the company, they claim they were able to access resources shared on the network that included scripts for Microsoft's automation and management program PowerShell. The attacker said that one of the scripts contained hard-coded credentials for an administrator account of the access management system Thycotic. With control of this account, the attacker claimed, they were able to gain access tokens for Uber's cloud infrastructure, including Amazon Web Services, Google's GSuite, VMware's vSphere dashboard, the authentication manager Duo, and the critical identity and access management service OneLogin.
