TechnologyThe Uber Hack’s Devastation Is Just Starting to Reveal...

The Uber Hack’s Devastation Is Just Starting to Reveal Itself


On Thursday evening, ride-share giant Uber confirmed that it was responding to “a cybersecurity incident” and was contacting law enforcement about the breach. An entity that claims to be an individual 18-year-old hacker took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. The attacker reportedly posted, “Hi @here I announce I am a hacker and Uber has suffered a data breach,” in a channel on Uber’s Slack on Thursday night. The Slack post also listed a number of Uber databases and cloud services that the hacker claimed to have breached. The message reportedly concluded with the sign-off, “uberunderpaisdrives.”

The company temporarily took down access on Thursday evening to Slack and some other internal services, according to The New York Times, which first reported the breach. In a midday update on Friday, the company said that “internal software tools that we took down as a precaution yesterday are coming back online.” Invoking time-honored breach-notification language, Uber also said on Friday that it has “no evidence that the incident involved access to sensitive user data (like trip history).” Screenshots leaked by the attacker, though, indicate that Uber’s systems may have been deeply and thoroughly compromised and that anything the attacker didn’t access may have been the result of limited time rather than limited opportunity.

“It’s disheartening, and Uber is definitely not the only company that this approach would work against,” says offensive security engineer Cedric Owens of the phishing and social engineering tactics the hacker claimed to use to breach the company. “The techniques mentioned in this hack so far are pretty similar to what a lot of red teamers, myself included, have used in the past. So, unfortunately, these types of breaches no longer surprise me.”

The attacker, who could not be reached by WIRED for comment, claims that they first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. After more than an hour, the attacker claims, they contacted the same target on WhatsApp pretending to be an Uber IT person and saying that the MFA notifications would stop once the target approved the login. 

Such attacks, sometimes known as “MFA fatigue” or “exhaustion” attacks, take advantage of authentication systems in which account owners simply have to approve a login through a push notification on their device rather than through other means, such as providing a randomly generated code. MFA-prompt phishes have become more and more popular with attackers. And in general, hackers have increasingly developed phishing attacks to work around two-factor authentication as more companies deploy it. The recent Twilio breach, for example, illustrated how dire the consequences can be when a company that provides multifactor authentication services is itself compromised. Organizations that require physical authentication keys for logins have had success defending themselves against such remote social engineering attacks.

 The phrase “zero trust” has become a sometimes meaningless buzzword in the security industry, but the Uber breach seems to at least show an example of what zero trust is not. Once the attacker had initial access inside the company, they claim they were able to access resources shared on the network that included scripts for Microsoft’s automation and management program PowerShell. The attackers said that one of the scripts contained hard-coded credentials for an administrator account of the access management system Thycotic. With control of this account, the attacker claimed, they were able to gain access tokens for Uber’s cloud infrastructure, including Amazon Web Services, Google’s GSuite, VMware’s vSphere dashboard, the authentication manager Duo, and the critical identity and access management service OneLogin.





Original Source Link

Latest News

Why social media companies keep copying each other

With Simple Snapchat, the company is pawing at TikTok’s vertical video feed. They weren’t so thrilled when Instagram...

Dogecoin Open interest Remains Muted Below $500 Million, What’s Going On?

Este artículo también está disponible en español. With the market recovery, open interest in major assets has been rising,...

Did central banks get the inflation crisis right?

Donald Trump had his own interpretation of the Federal Reserve’s jumbo interest rate cut this week — and...

The Shade Room Founder Is Ready to Dial Down the Shade

Angie Nwandu launched The Shade Room in 2014 as a side hustle. Today, that side hustle—which grew from...

Trump Campaign Admits They’re “Totally F*cked”

Donald Trump made the decision to disable the Republican Party’s get-out-the-vote operation, which means that in large swaths...

Must Read

We Are Watching Trump’s Ultimate Implosion

George Conway said that Trump’s old tricks aren’t...
- Advertisement -

You might also likeRELATED
Recommended to you