The devastation of the Uber hack is just beginning to reveal itself

On Thursday night, ride-sharing giant Uber confirmed that it was responding to “a cybersecurity incident” and was contacting law enforcement about the breach. An entity claiming to be an 18-year-old hacker claimed responsibility for the attack, bragging to multiple security researchers about the steps they had taken to compromise the company. The attacker reportedly posted, “Hello @here I am a hacker and Uber has suffered a data breach,” in an Uber Slack channel Thursday night. The Slack post also listed a number of Uber databases and cloud services that the hacker claimed to have compromised. The message reportedly ended with the sign-off, “uberunderpaisdrives.”

The company temporarily removed access Thursday night to Slack and a number of other internal services, according to The New York Times, which first reported the breach. In a midday update on Friday, the company said “internal software tools that we took down as a precaution yesterday will be back online.” Offering time-honored breach notification language, Uber also said on Friday that it “has no evidence that the incident involved access to sensitive user data (such as trip history).” However, the screenshots leaked by the attacker show that Uber’s systems may have been deeply and thoroughly compromised, and anything the attacker didn’t access could be due to limited time, not limited opportunity.

Offensive security engineer Cedric Owens said of the phishing and social engineering tactics the hacker claimed to have used to compromise the company: “It’s disappointing, and Uber is certainly not the only company which this method can counter. The techniques mentioned in this hack so far are quite similar to what a lot of red teams, myself included, have used in the past. So, unfortunately, violations of this kind no longer surprise me.”

The attacker, who could not be reached by WIRED for comment, claims that they first gained access to corporate systems by targeting an individual employee and repeatedly sending them multi-factor authentication login notifications. After more than an hour, the attacker claims, they contacted the same target on WhatsApp pretending to be an Uber IT employee and said that the MFA notifications would stop once the target approved the login.

Such attacks, sometimes referred to as “MFA fatigue” or “burnout” attacks, take advantage of authentication systems in which account owners simply approve logins through push notifications on their device rather than through other means, such as providing a code. MFA prompt scams have become more and more popular with attackers. And in general, hackers have increasingly developed phishing attacks to work around two-factor authentication as more companies implement it. The recent Twilio breach, for example, illustrates how dire the consequences can be when a company offering multi-factor authentication is compromised. Organizations that require a physical authentication key for login can successfully protect themselves against such remote social engineering attacks.
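For defenders, the pattern described above (a run of unapproved push prompts to one account, ending in an approval) can be searched for in authentication logs. The following Python is an added example, not part of the original article or any vendor's tooling; the event layout, the 60-minute window and the threshold of five prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result).
# The field layout is hypothetical, not any MFA vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "bob", "timeout"),
    ("2024-01-01T09:01:00", "bob", "approved"),    # ordinary retry, no alert
    ("2024-01-01T21:10:00", "alice", "denied"),
    ("2024-01-01T21:20:00", "alice", "timeout"),
    ("2024-01-01T21:30:00", "alice", "denied"),
    ("2024-01-01T21:40:00", "alice", "denied"),
    ("2024-01-01T21:50:00", "alice", "timeout"),
    ("2024-01-01T22:00:00", "alice", "denied"),
    ("2024-01-01T22:05:00", "alice", "approved"),  # approval after a burst
    ("2024-01-01T23:00:00", "carol", "denied"),
    ("2024-01-01T23:05:00", "carol", "denied"),
    ("2024-01-01T23:10:00", "carol", "denied"),
    ("2024-01-01T23:15:00", "carol", "denied"),
    ("2024-01-01T23:20:00", "carol", "denied"),    # burst still in progress
]

def detect_push_fatigue(events, window=timedelta(minutes=60), threshold=5):
    """Return (user, kind, unapproved_count) alerts.

    "burst": a user accumulated `threshold` unapproved prompts within `window`.
    "approved_after_burst": an approval arrived while at least `threshold`
    unapproved prompts were still inside the window (highest priority).
    """
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    parsed = sorted((datetime.fromisoformat(ts), user, result)
                    for ts, user, result in events)
    for ts, user, result in parsed:
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                alerts.append((user, "approved_after_burst", len(q)))
            q.clear()                     # a login resets the user's state
        else:                             # "denied" or "timeout"
            q.append(ts)
            if len(q) == threshold:       # alert once as the burst forms
                alerts.append((user, "burst", len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "burst" alert is a reason to contact the user through a verified channel while the prompts are still arriving; "approved_after_burst" warrants treating the resulting session as suspect.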

The phrase “zero trust” has become a sometimes meaningless buzzword in the security industry, but the Uber breach seems to at least show an example of what zero trust is not. Once the attacker had initial access inside the company, they claim they were able to access shared resources on the network, including scripts for Microsoft’s automation and management program PowerShell. The attacker says that one of the scripts contained hard-coded credentials for the administrator account of the Thycotic access management system. With control of this account, the attacker claims, they were able to obtain access tokens for Uber’s cloud infrastructure, including Amazon Web Services, Google’s GSuite, VMware’s vSphere console, the Duo authentication manager, and the key identity and access management service OneLogin.
