Uber has recently released a press release after a cyber attack caused their systems to be compromised, although they had two factor authentication (2FA) enabled.
Uber appeared to be adopting two factor authentication, using push notifications, which allows employees to have a second layer of security and defense against hackers, which is highly recommended in any I.T. infrastructure.
However, the hacker got around this by using a form of social engineering, targeting one employee at Uber.
After gaining the employee's credentials via WhatsApp, the hacker instructed the employee to log in to a fake Uber site, which then quickly grabbed the entered credentials in real time and used them to log into the genuine Uber site.
It’s unknown whether the Uber employee believed the site was legitimate, knew it was fake, or was held to ransom to do so; either way, they still proceeded to log in to this fake website.
Uber’s systems use two factor authentication, which ensures that only the employee can agree to gain access to their systems, thereby protecting them from hackers.
To gain access to Uber systems, the employee must press the allow button on their smartphone to confirm that it is they who are signing in.
As the hacker had the credentials of the Uber employee, the cyber attacker essentially spammed the Uber employee with verification requests, hoping to frustrate the employee into accepting one of these requests.
Eventually, the employee hit the accept button, allowing the hacker to have full access to the Uber I.T. infrastructure.
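A detection sketch for the prompt-spamming pattern described above, added here as an example and not taken from Uber or any MFA vendor: it flags a burst of rejected or ignored push prompts for one user, and separately flags an approval that lands right after such a burst. The log format, the 10 minute window and the threshold of 4 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the Uber incident): time, user, push result.
SAMPLE_LOG = """\
2022-09-15T01:02:10Z alice approved
2022-09-15T01:10:00Z bob denied
2022-09-15T01:10:40Z bob timeout
2022-09-15T01:11:15Z bob denied
2022-09-15T01:12:05Z bob timeout
2022-09-15T01:12:50Z bob denied
2022-09-15T01:13:30Z bob approved
2022-09-15T03:00:00Z carol denied
2022-09-15T09:00:00Z carol approved
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 4                    # assumed count of rejected/ignored prompts


def parse(line):
    """Split one 'timestamp user result' line (assumed format)."""
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result


def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, kind) alerts for prompt floods and approvals after one."""
    recent = defaultdict(deque)   # user -> times of recent unapproved prompts
    alerts = []
    for line in log_text.strip().splitlines():
        ts, user, result = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:      # drop prompts outside the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:          # alert once as the burst crosses the bar
                alerts.append((user, ts, "prompt_flood"))
        elif result == "approved":
            if len(q) >= threshold:          # approval straight after a flood
                alerts.append((user, ts, "approved_after_flood"))
            q.clear()
    return alerts


if __name__ == "__main__":
    for user, ts, kind in detect_push_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind}")
```

An "approved_after_flood" alert is the case worth acting on immediately, for example by revoking the new session and contacting the user through a separate channel.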
The hacker then went through confidential files on the Uber database, finding other credentials for other parts of the I.T. infrastructure, giving him even more access.
The attacker then reportedly sent a company-wide text on Uber’s internal messaging system called Slack.
Reports are claiming the initial message was ‘I announce I am a hacker and Uber has suffered a data breach’.
Screenshots were released proving that the hacker had access to various assets, including Uber’s Amazon Web Services and G Suite accounts, alongside code repositories.
It’s unknown what more information the hacker got access to or whether they copied or distributed any of it online.
While Uber is still investigating the incident, the company confirmed the attacker “downloaded some internal Slack messages, as well as accessed or downloaded information from an internal tool our finance team uses to manage some invoices.”
Uber believes the Uber employee’s credentials were purchased on the dark web after the employee’s personal device was attacked with malware, revealing those credentials. However, many articles claim that the credentials were socially engineered.
Since the cyberattack, Uber has begun to hire a number of senior security engineers, prompting Twitter users to discuss whether Uber were putting cybersecurity on the back burner until something awful happens.
No.
Two factor authentication has been shown to prevent 99.9% of cyber attacks and can significantly help secure an I.T. infrastructure. (Source: Microsoft)
Uber made the error of not teaching their employees to be cyber-savvy, assuming that because they hire “clever people,” they will be aware of the risks of phishing or social engineering.
This is not true – everyone needs to be on the same page, and educated on cyber security.
Your employees are your gatekeepers, so regularly educate them on phishing recognition and reporting to help prevent identity theft.
We anticipate Uber will begin issuing physical hardware keys to anyone with a specific amount of access, instead of just a push notification button.
Alternatively, Uber will introduce various types of multi factor authentication like biometrics for specific devices.
A large company like Uber should regularly introduce various cyber awareness courses for employees, so they are aware of different threats, malicious attacks and social engineering.
There should be other means of multi factor authentication, alongside using a physical key, throughout the login process, to ensure the correct person is logging in.
It’s reported that the same person is actually a leader of a ransomware group called Lapsus$, which also recently leaked Rockstar’s GTA 6 early development, and has deployed other large cyber attacks on huge brand names like Brazil’s Ministry of Health, Okta, Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, Globant and many others.
No other details about the nature of the investigation were disclosed as of the 27th September 2022.
Cyber crime is at an all time high, with malicious tools being easily accessible by anyone. There’s no one solution to stop any hack penetrating your systems, however well your systems are safeguarded, but in Uber’s case – the employee isn’t fully at fault.
Businesses must realise that they may not be able to control the cyber attack, but can control how bad it becomes and how they operate moving forward.
Robust, layered cybersecurity protections, supported by regular and ongoing staff education to better identify possible sources of danger, can help reduce attacks like the Uber incident.
These precautions make it more difficult for attackers to gain a foothold, operate, investigate, and achieve their goals.
System Force I.T. analyses the way your business works, and offers the best fitting I.T. solution that can help your business succeed.
Our cyber security tools and monitoring help ensure that your company is secure and that security policies and regulations are followed correctly.
We also help with email phishing testing on employees, cyber security awareness training, and educating your staff on the ins and outs of cyberattacks to help prevent attacks from happening in your company.
System Force IT provides 24/7 IT support and engineering help with all our services. Our IT infrastructure management team are responsible for the backbone of your business. Monitoring and maintaining both physical and virtual services in real-time.