What Uber’s data breach reveals about social engineering


Few techniques are as popular among cybercriminals as social engineering. Research shows that IT staff receive an average of 40 cheat attacks every year and many organizations are struggling to stop them before it’s too late.

Just yesterday, Uber was added to the long list of companies defeated by social engineering after an attacker managed to gain access to the organization’s internal IT systems, email dashboards, Slack servers, endpoints, Windows domain and Amazon Web Services console.

The New York Times [subscription required] reported that an 18-year-old hacker sent an SMS to an Uber employee, impersonating the support staff to trick them into handing over passwords. The hacker then used them to take control of Slack before gaining access to other critical systems.

The data breach sheds light on the effectiveness of social engineering techniques and suggests that businesses should reevaluate their reliance on multi-factor authentication (MFA) to secure their employees’ online accounts.



Social engineering: a low-barrier way to hack

In many ways, the Uber data breach further illustrates the problem of relying on password-based authentication to control access to online accounts. Passwords are vulnerable to brute force hacks and social engineering scams, and they provide a convenient entry point for attackers to exploit.

At the same time, no matter how good a company’s defenses are, if they rely on passwords to secure their online accounts, it only takes one employee sharing their login information to cause a breach.

“Uber is the latest in a string of victims of a social engineering attack. Employees are only human and in the end, mistakes that lead to serious consequences will be made,” said Arti Raman, CEO and founder of Titaniam. “As this incident demonstrated, despite security protocols in place, information can still be accessed with privileged logins, allowing hackers to steal basic data and share them with the world.”

While measures such as enabling multi-factor authentication can help reduce the likelihood of account takeover attempts, they won’t completely stop them.

Review account security

All in all, user awareness is an organization’s best defense against social engineering threats. Using security awareness training to teach employees how to spot manipulation attempts in the form of phishing emails or SMS messages can reduce their chances of being tricked into handing over sensitive information.

Neil Jones, director of cybersecurity evangelism at Egnyte.

Organizations simply cannot make the mistake of thinking that multi-factor authentication is enough to prevent unauthorized access to online accounts. Instead, company leadership should assess the level of risk against the authentication options supported by the account provider and implement additional controls as appropriate.

“Not all MFA elements are created equal,” said Josh Yavor, CISO at Tessian.

Instead of relying on these, Yavor recommends implementing security key technology based on modern MFA protocols like FIDO2, which have phishing resistance built into their design. These can then be augmented with secure access controls that enforce device-based requirements before giving users access to online resources.
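The phishing resistance Yavor attributes to FIDO2 rests on the server-side binding checks sketched below, an added example that is not from the article or from any vendor it quotes. The origin, RP ID and sample assertions are constructed assumptions, and a real relying party would go on to verify the signature against the stored public key.

```python
import base64, hashlib, json

EXPECTED_ORIGIN = "https://sso.corp.example"  # assumption: the real login origin
RP_ID = "sso.corp.example"                    # assumption: relying-party ID

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def binding_problems(client_data_json: bytes, auth_data: bytes, issued_challenge: bytes) -> list:
    """Relying-party checks made before signature verification.
    An empty list means the assertion is bound to this site and this login attempt."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("not an authentication assertion")
    if client.get("challenge") != b64url(issued_challenge):
        problems.append("challenge mismatch")  # stale or replayed response
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")     # browser reported a different site
    # authenticatorData = SHA-256(rpId) (32 bytes) | flags (1) | signCount (4) ...
    if len(auth_data) < 37:
        return problems + ["authenticator data too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")   # credential scoped to another domain
    if not auth_data[32] & 0x01:
        problems.append("user presence flag not set")
    return problems

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Builds sample data shaped like what a browser and authenticator return
    (constructed for this example, unsigned)."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + (7).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed; a real server issues random bytes per login
    real = constructed_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    lookalike = constructed_assertion("https://sso-corp.example.test",
                                      "sso-corp.example.test", challenge)
    print("real site:     ", binding_problems(*real, challenge))
    print("lookalike site:", binding_problems(*lookalike, challenge))
```

Because the browser, not the user, fills in the origin and the authenticator scopes the credential to the RP ID, a response collected on a lookalike domain fails these checks even when the employee has been fully convinced by the message.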
