Security News > 2022 > October > What the Uber Hack can teach us about navigating IT Security
Uber's security compromise earlier this month is an unfortunate result of concerns left over from an attack the company sustained in 2016 when a pair of hackers outside of Uber accessed user data that was stored on a 3rd-party server.
While MFA can guard against attacks using stolen credentials, that doesn't protect against what could happen if a hacker has credentials and uses them for a more advanced attack.
Uber later divulged that the attacker who breached its network had first obtained the VPN credentials of an external contractor.
The attacker rendered the incident response team obsolete by combining stolen credentials, an MFA Fatigue attack, and social engineering, to breach the system.
Business Email Compromise: A form of phishing attack at its core, a BEC attack exploits an employee's fear of punishment or desire to ingratiate their superiors.
The Uber attack demonstrates just how sophisticated hackers have become when it comes to exploiting authorization mechanisms through social engineering, especially phishing.
News URL
Related news
- Is Lenovo a blind spot in US anti-China security measures? (source)
- Uber fined $325 million for moving driver data from Europe to US (source)
- US proposes ban on Chinese, Russian connected car tech over security fears (source)
- Some US Kaspersky customers find their security software replaced by 'UltraAV' (source)