Uber hack not just a reputational damage but reveals basic security flaws - Bengaluru News

Bengaluru, Sep 26 (IANS) Cyber-security researchers have revealed there were basic flaws in Uber's security gateways as social engineering was employed as an initial attack vector, making the hack "a classic case of failure on multiple levels".

by IANS | Updated Sep 26, 2022

Uber hack not just a reputational damage but reveals basic security flaws - Bengaluru News

Social engineering encompasses a broad spectrum of malicious activities via online human interactions, like phishing, pretexting and baiting.

This hack had a tremendous impact on Uber, starting from the obfuscation of the application code, hindering the usability of the application, leaked credentials, and access that could facilitate multiple account takeovers and leaking of sensitive and critical information of the entity, according to AI-driven cyber-security firm CloudSEK.

"Equipping malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, not to mention the reputational damage for Uber," the researchers from the firm emphasised.

The ride-hailing major Uber last week blamed the infamous Lapsus$ hacking group for the cyber attack on its internal systems. The company reiterated that no customer or user data was compromised during the breach.

"The Uber Hack is a classic case of failure on multiple levels where Over privilege or privilege mismanagement plays a pivotal role. Eliminating privilege escalation paths or monitoring for access changes in accounts can be initial answers for mitigation, apart from Darkweb and surface web monitoring," said Abhinav Pandey, Cyber Threat Researcher, CloudSEK.

The threat actor was able to compromise an employee's HackerOne account to access vulnerability reports associated with Uber.

To demonstrate the legitimacy of the claims, the actor posted unauthorised messages on the HackerOne page of the company.

"Moreover, the attacker has also shared several screenshots of Uber's internal environment including their GDrive, VCenter, sales metrics, Slack, and the EDR portal," said cyber-security researchers.

The actor plausibly employed social engineering techniques as an initial attack vector to compromise Uber's infrastructure. After attaining access to multiple credentials, the actor exploited the compromised victim's VPN access.

Subsequently, the actor gained access to an internal network (Intranet), where the actor got access to a directory, plausibly with a name "share", which provided the actor with numerous PowerShell scripts that contained admin credentials to the privileged access management system (Thycotic).

"This enabled the actor with complete access to multiple services of the entity such as Uber's Duo, OneLogin, AWS, GSuite Workspace, etc," the researchers reported.

Lapsus$ typically uses similar techniques to target technology companies, and this year breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others.

Disclaimer: This story is auto-aggregated by a computer program and has not been created or edited by FreshersLIVE.Publisher : IANS-Media

Related Articles

  • Logitech launches new webcams, headphones in India
  • Chrome's new feature for iOS will let users open links from other apps in Incognito
  • Gamers gear up for Sony PlayStation tournaments from Thursday
  • 690 mn Indians to use 5G on mobiles by 2028: Report
  • 67% IaaS Cloud users hit by ransomware globally this year
  • Samsung Galaxy S23 appears on FCC datatbase ahead of Feb launch
  • Samsung's 'Galaxy to Share' update will let users share settings across devices
  • Simple urine test can reveal early-stage Alzheimer's disease
  • Microsoft, LinkedIn empower 7.3 mn learners in India, announce new skills
  • Apple iPhone 14 Pro shipments may drop by 20 mn in Q4