
Uber Blames LAPSUS$ Hacking Group for Recent Security Breach
2022-09-20 09:21

Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated with the notorious LAPSUS$ hacking group.

As for how the attack unfolded, the ridesharing firm said an "EXT contractor" had their personal device compromised with malware and their corporate account credentials stolen and sold on the dark web, corroborating an earlier report from Group-IB. Group-IB, headquartered in Singapore, noted the previous week that at least two of Uber's employees located in Brazil and Indonesia were infected with Raccoon and Vidar information stealers.

"The attacker then repeatedly tried to log in to the contractor's Uber account," the company said.

Uber also confirmed that the attacker accessed HackerOne bug reports, but noted that "Any bug reports the attacker was able to access have been remediated."

"There is only one solution to making push-based more resilient and that is to train your employees, who use push-based MFA, about the common types of attacks against it, how to detect those attacks, and how to mitigate and report them if they occur," Roger Grimes, data-driven defense evangelist at KnowBe4, said in a statement.

While there has been a shift from SMS-based authentication to an app-based approach to mitigate risks associated with SIM swapping attacks, the attacks against Uber and Cisco highlight that security controls once considered infallible are being bypassed by other means.


News URL

https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html