Uber, one of the world’s leading automotive companies, has announced it has suffered a data breach. In a statement released by the company, it said: ‘An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor’s Uber corporate password on the Dark Web, after the contractor’s personal device had been infected with malware, exposing those credentials’.
The statement continued: ‘The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one and the attacker successfully logged in’.
Uber revealed that the attacker was then able to access several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. ‘The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.
The organisation believes that the attacker (or attackers) are affiliated with hacking group Lapsus$.
The investigation is still ongoing.
Tim Callan, Chief Compliance Officer at Sectigo, commented on the announcement: “Attacks like this are all too common. In this case, the compromise was largely enabled by a combination of social engineering (including the defeat of MFA through a spoofed relay site) and the discovery of privileged credentials hard-coded in scripts. These techniques can be defeated through modern strategies such as PKI-based access. No matter how vigilant a company’s security culture is, these fundamental vulnerabilities will remain so long as traditional username-password credentials control access.”Click below to share this article