The world’s number 1 taxi app was hit by a rather serious cyber security attack recently. But what really happened and what can we learn from it?
Last week, it was revealed that Mobility as a Service provider Uber was hit with a high-profile cyber attack that has left the company’s reputation at serious risk. In today’s blog we’re exploring exactly how the attack took place, how it could have been avoided, and what we (as IT teams, cyber security experts and business owners) can learn from it.
Allegedly, a young hacker was able to download HackerOne vulnerability reports and view and screenshot almost all of the company's internal systems (including emails, Slack messages, the company's security software and Windows domain).
The hacker is said to have breached Uber through a social engineering attack (an attack that uses psychological manipulation to coerce a user into performing certain actions or divulging confidential information) on an employee. They launched what is known as an MFA Fatigue attack, in which an attacker already holds enough of a user's credentials to trigger a login but is blocked by the multi-factor authentication step. The attacker then bombards the user with MFA push requests until they tire of seeing them and approve one. In this case, the attacker completed the process by contacting the employee, claiming to be Uber IT and asking them to accept the request. The employee did as they were told, giving the hacker access to the company's intranet.
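A defender's view of the pattern just described: the following is an added example (not from the original post or from Uber) that runs a simple MFA fatigue detector over a few constructed push-MFA log lines in a hypothetical `<time> user=<id> push=<result>` format, flagging users who receive a burst of unapproved pushes and escalating when an approval follows that burst.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not a real product's output).
SAMPLE_LOG = """\
2022-09-15T22:01:03 user=alice push=denied
2022-09-15T22:01:41 user=alice push=denied
2022-09-15T22:02:20 user=alice push=timeout
2022-09-15T22:03:05 user=alice push=denied
2022-09-15T22:04:10 user=alice push=denied
2022-09-15T22:05:30 user=alice push=approved
2022-09-15T22:02:00 user=bob push=approved
2022-09-15T22:09:00 user=carol push=denied
2022-09-15T22:45:00 user=carol push=approved
"""

def parse_line(line):
    """Split one log line into (timestamp, user, push result)."""
    ts, user, push = line.split()
    return (datetime.fromisoformat(ts), user.split("=", 1)[1], push.split("=", 1)[1])

def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=3):
    """Return {user: verdict} for users whose push history looks like MFA fatigue.

    A user is flagged as 'burst' when at least `threshold` unapproved pushes
    (denied or timed out) fall inside a sliding `window`. If an approval then
    arrives while such a burst is still inside the window, the verdict becomes
    'approved-after-burst': the moment the target gives in and the alert that
    should page someone.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, user, result = parse_line(line)
            events[user].append((ts, result))
    verdicts = {}
    for user, evs in events.items():
        evs.sort()  # chronological order per user
        for i, (ts, result) in enumerate(evs):
            # Results of every push for this user within `window` of the current one.
            recent = [r for t, r in evs[:i + 1] if ts - t <= window]
            unapproved = sum(1 for r in recent if r != "approved")
            if unapproved >= threshold:
                if result == "approved":
                    verdicts[user] = "approved-after-burst"
                    break
                verdicts.setdefault(user, "burst")
    return verdicts
```

Tune `window` and `threshold` to your identity provider's normal push volume; a burst of denials with no approval is still worth a ticket, since it shows someone has the user's first factor.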
Once on the intranet, the hacker claims to have found a PowerShell script containing plain text admin credentials for the company's Thycotic privileged access management (PAM) platform.
This was then used to access logins for the company's other internal services, including application source code and databases.
Well, in this case, the lessons are fairly simple.
1. Even if your business has a PAM solution in place, you still need to enforce secure practices around it to ensure all attack vectors are closed, including those that arise from the introduction of the PAM solution itself (such as the one used against Uber).
2. Never, ever store your (privileged) credentials anywhere in clear text, least of all in automation scripts. Use encryption and/or a dedicated secrets management solution instead.
You’ve worked far too hard to let your business (or the business you work for) fall victim to a cyber attack.
At Infosec K2K, we know what it takes to keep your business safe from the threats of today and those of the future. Get in touch today to find out how we can help.