On Thursday, Uber employees learned that a hacker had gained access to extensive portions of the company’s internal network and boasted about it on the official Slack channel. According to the news source that broke the story, the intruder showed The New York Times and security researchers screenshots of the breach and was unusually open about how it happened and how far it went.
Findings show that the intruder most likely used WhatsApp to contact an Uber employee to get first access.
The hacker gained access to the user’s account by stealing the password and convincing the user to approve a push notification for multi-factor authentication. Finally, the invader found administrator credentials that granted access to some of Uber’s most prized network assets. Uber shut down parts of its internal network while it looked into how big the problem was.
What information the hacker accessed or what else the hacker did is still unclear. Uber kept a lot of information that could have been accessed, like people’s private addresses and where they were every hour.
Who is responsible for the Uber hack?
The hacker socially engineered the Uber employee after discovering the employee’s WhatsApp number; the hacker messaged the employee directly and told them to go to a phoney Uber site, which captured their credentials in real time and used them to access the genuine Uber site.
Multi-factor authentication, or MFA, was in place at Uber as a mobile app requiring users to enter a code displayed on their smartphone before gaining access. To get around this protection, the hacker repeatedly typed the credentials into the real site. The worker, who appeared to be dazed or exhausted, pressed the button. With that, the attacker was in.
After digging around, the attacker found several Powershell scripts an administrator had saved that would automatically log them into various secure network compartments. The required login information was already included in the scripts.
To brag about his victory, the assailant allegedly sent texts to all of Uber’s employees through the company’s Slack channels.
One message reportedly claimed, “I announce I am a hacker, and Uber has suffered a data breach.” Screenshots showed that the person had access to Uber’s Amazon Web Services and G Suite accounts and its code repositories.
It is not yet known what other information the hacker gained access to or whether any of it was copied or leaked. As of Friday, Uber’s disclosure website reads, “We have no evidence that the incident involved access to sensitive user data (like trip history).”
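The repeated MFA prompts described above leave a recognisable pattern in authentication logs. The following is an added example, not part of the original article or any Uber tooling: a sliding-window detector run over constructed log lines, where the log layout, event names, window and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <user> <event>". The layout and
# event names are assumptions for this example, not a vendor log format.
SAMPLE_LOG = """\
2022-09-15T09:00:05 alice push_sent
2022-09-15T09:00:09 alice push_approved
2022-09-15T22:40:02 bob push_sent
2022-09-15T22:40:40 bob push_denied
2022-09-15T22:41:15 bob push_sent
2022-09-15T22:42:03 bob push_sent
2022-09-15T22:43:30 bob push_sent
2022-09-15T22:44:48 bob push_sent
2022-09-15T22:45:01 bob push_approved
2022-09-16T08:30:00 bob push_sent
2022-09-16T08:30:04 bob push_approved
"""

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Return (user, time, kind, prompts_in_window) alerts."""
    prompts = defaultdict(deque)   # user -> timestamps of recent prompts
    in_burst = set()               # users whose prompt count is over threshold
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, event = line.split()
        when = datetime.fromisoformat(stamp)
        recent = prompts[user]
        # Drop prompts that fell out of the sliding window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if len(recent) < threshold:
            in_burst.discard(user)
        if event == "push_sent":
            recent.append(when)
            if len(recent) >= threshold and user not in in_burst:
                in_burst.add(user)   # alert once per burst, before any approval
                alerts.append((user, when, "burst", len(recent)))
        elif event == "push_approved":
            if user in in_burst:     # approval landed inside a burst
                alerts.append((user, when, "approved_after_burst", len(recent)))
            recent.clear()
            in_burst.discard(user)
    return alerts
```

The "burst" alert fires while prompts are still arriving, which gives responders a chance to lock the session before the "approved_after_burst" case occurs.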
The outcome of the hack
Not much. The individual, who claims to be 18, posted to Uber driver support forums on Slack to express dissatisfaction with pay. Because of this, and because the invader made no effort to hide the breach, it’s safe to assume that the motivation behind the attack was not financial gain via ransomware, extortion, or espionage. Until now, nobody knew who this person was.
The business has admitted to the security breach and is now looking into it.
Was it possible that a teenager, only 18 years old, gained access to the most secret information of a multinational corporation? How is that even possible?
While it’s too early to tell, this situation seems possible, if not likely. Still, phishing is a highly successful method of network penetration. Why use a zero-day exploit when there are more straightforward and cheaper ways to get in?
Furthermore, phishing attacks have become more sophisticated in recent months. The recent hack of Twilio is just one example of a widespread attack that has affected various businesses. The attackers used Telegram; the phishing page sent the user’s credentials to the attackers, who then used them to access the legitimate website. The attackers mirrored the user’s entry of a one-time password provided by authenticator software. Even if an employee used a security tool like Duo to keep unauthorised users out of their account, the hackers would still be able to access it as soon as the employee consented.
This kind of multi-factor authentication will keep a user safe if their password is stolen in a database hack. However, it has been shown to be entirely ineffective against phishing attempts. Phishing-resistant multi-factor authentication (MFA) is now only available in FIDO2-compliant forms. There is no better MFA programme than this one.
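The difference between a one-time password and a FIDO2-style factor can be shown from the verifying server's side. This is an added example, not code from the article or from any vendor: it implements RFC 6238 TOTP and a simplified model of an origin-bound assertion, with HMAC standing in for the authenticator's public-key signature and with constructed hostnames, secrets and challenge.

```python
import hashlib
import hmac
import json
import struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret, code, now):
    # Nothing in the code says which site the user typed it into.
    return hmac.compare_digest(code, totp(secret, now))

def browser_assertion(key, challenge, page_origin):
    """WebAuthn-style assertion: the browser, not the page, writes the origin
    into the signed client data. HMAC stands in for the authenticator's
    public-key signature (a simplification for this example)."""
    client_data = json.dumps({"challenge": challenge, "origin": page_origin})
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).digest()
    return client_data, sig

def server_accepts_assertion(key, challenge, expected_origin, client_data, sig):
    expected = hmac.new(key, client_data.encode(), hashlib.sha256).digest()
    data = json.loads(client_data)
    return (hmac.compare_digest(sig, expected)
            and data["challenge"] == challenge
            and data["origin"] == expected_origin)

# Constructed values; both hostnames use the reserved .example TLD.
REAL = "https://login.corp.example"
LOOKALIKE = "https://login.corp-sso.example"
SECRET, KEY, NOW = b"constructed-totp-secret", b"constructed-key", 1663272000

def compare_factors():
    """Return (otp_via_lookalike, assertion_via_lookalike, assertion_direct)."""
    # A code typed into the lookalike page and forwarded 10 s later still verifies.
    otp_ok = server_accepts_totp(SECRET, totp(SECRET, NOW), NOW + 10)
    # A forwarded assertion carries the origin the browser really saw.
    cd, sig = browser_assertion(KEY, "chal-123", LOOKALIKE)
    relayed_ok = server_accepts_assertion(KEY, "chal-123", REAL, cd, sig)
    cd, sig = browser_assertion(KEY, "chal-123", REAL)
    direct_ok = server_accepts_assertion(KEY, "chal-123", REAL, cd, sig)
    return otp_ok, relayed_ok, direct_ok
```

In real WebAuthn the credential is also scoped to the relying party ID, so the authenticator has no credential to offer on the lookalike domain in the first place.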
The widespread misconception that people in modern societies are too savvy to fall for phishing campaigns continues to plague many institutions and communities. They find authenticator apps more practical than FIDO2 multi-factor authentication methods, which include carrying a phone or a physical key. Until that way of thinking changes, breaches of this kind will always be a part of life.
On Friday, Uber’s stock price fell by over 4% because of a widespread sell-off that pushed down the prices of shares in many other companies. Indicators on the Dow Jones Industrial Average were down 1%. The S&P 500 fell 1.2 per cent, and the Nasdaq Composite fell 1.6 per cent. Why Uber’s stock is down and what role the breach has had in that decline remains unclear.