Security News > 2022 > October > What the Uber Hack can teach us about navigating IT Security

What the Uber Hack can teach us about navigating IT Security
2022-10-13 14:05

Uber's security compromise earlier this month is an unfortunate result of concerns left over from an attack the company sustained in 2016 when a pair of hackers outside of Uber accessed user data that was stored on a 3rd-party server.

While MFA can guard against attacks using stolen credentials, that doesn't protect against what could happen if a hacker has credentials and uses them for a more advanced attack.

Uber later divulged that the attacker who breached its network had first obtained the VPN credentials of an external contractor.

The attacker rendered the incident response team obsolete by combining stolen credentials, an MFA Fatigue attack, and social engineering, to breach the system.

Business Email Compromise: A form of phishing attack at its core, a BEC attack exploits an employee's fear of punishment or desire to ingratiate their superiors.

The Uber attack demonstrates just how sophisticated hackers have become when it comes to exploiting authorization mechanisms through social engineering, especially phishing.


News URL

https://www.bleepingcomputer.com/news/security/what-the-uber-hack-can-teach-us-about-navigating-it-security/