Uber suffers severe cyber attack

0

Controversial ridesharing service Uber is investigating a serious cybersecurity breach that has forced it to take a number of critical systems offline after an alleged teenage hacktivist allegedly socially engineered an attack on an employee.

The incident came to light late Thursday, September 15, when loud New York Timeswho first reported the story, an individual who claimed responsibility for the attack shared screenshots of various compromised Uber resources with the newspaper and with security researchers.

Uber’s communications team confirmed the breach via Twitter at 2:25am BST on Friday 16 September. They said: “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available.”

Uber had not made any further comment on the incident at the time of writing.

Sam Curry, a security engineer at Yuga Labs who was among those contacted by the hacker, described a “total compromise” on the NYT and said the attacker appears to have access to most of its systems.

That NYT also revealed that the attacker had told his reporters that he had compromised Uber after successfully breaching an employee’s network access by sending them text messages impersonating an internal IT administrator to obtain their credentials.

From there they seem to have been able to build persistence and Get access to most of Uber’s internal resources after scanning the company’s network and finding a PowerShell script containing privileged credentials for an administrator user from Thycotic, a provider of Privileged Access Management (PAM) solutions. These credentials gave the attacker further access to multiple services.

Systems said to have been compromised include Amazon Web Services, Duo, GSuite, OneLogin, Slack, VMware and Windows. computer beeps also reported that the attacker had accessed and stolen data from Uber’s HackerOne bug bounty program, which could be particularly dangerous for Uber if it contains undisclosed or unpatched vulnerabilities in its application.

The attacker further used Slack to send Uber employees a message listing the compromised resources and posted pornographic images on an intranet site. The attacker claimed to be 18 and testing his skills and said he wanted Uber drivers to be paid better.

There is currently no information as to whether the attacker had access to Uber employee or customer data, although the possibility seems very real. A data breach at Uber in 2016 compromised information on 57 million user accounts – 2.4 million in the UK. Uber was fined nearly $150 million for covering up this violation, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident.

The alleged involvement of a teenage hacktivist in the attack is also reminiscent of a series of recent cyberattacks on tech companies carried out by the Lapsus$ group, which exploited flaws in multi-factor authentication (MFA) to compromise multiple victims in remarkably similar ways . Although there is no evidence linking the Uber incident to Lapsus$, some of the gang’s members turned out to be teenage hackers who were caught falling out.

A study conducted for the forthcoming International Cyber ​​Expo in London found an increasing tendency for minors to engage in cybercrime, a trend that could potentially be exacerbated by the cost of living crisis (a similar trend has been linked to mass furloughs and layoffs during the Covid-19 pandemic). The study suggests that 40% of parents are concerned to some extent that their children may turn to cybercrime.

SImon Newman, Advisory Board Member of the International Cyber ​​Expo and CEO of the Cyber ​​Resilience Center for London, said: “As hacking tools become more accessible and affordable across the internet, we are seeing a rise in ‘script kiddies’ – inexperienced hackers, carry out cyber attacks.

“While ‘kiddies’ doesn’t necessarily refer to the hacker’s age, but to their experience, it turns out that many are teenagers. In fact, the average age of a referral to the National Cyber ​​Crime Unit in the UK is just 15 years old.

“Although law enforcement agencies are working hard to take down websites and forums that promote hacking, the results of this survey also show that parents/guardians need to take an active interest in what their children are doing online to prevent them from targeting them.” falling for the wrong side of the law,” Newman said.

Share.

About Author

Comments are closed.