What the Uber Hack can teach us about navigating IT Security
Uber's security compromise earlier this month is an unfortunate result of concerns left over from an attack the company sustained in 2016, when a pair of hackers outside of Uber accessed user data that was stored on a third-party server.
While MFA can guard against attacks using stolen credentials, it doesn't protect against what could happen if a hacker has credentials and uses them for a more advanced attack.
Uber later divulged that the attacker who breached its network had first obtained the VPN credentials of an external contractor.
The attacker rendered the incident response team obsolete by combining stolen credentials, an MFA fatigue attack, and social engineering to breach the system.
Business Email Compromise: A form of phishing attack at its core, a BEC attack exploits an employee's fear of punishment or desire to ingratiate themselves with their superiors.
The Uber attack demonstrates just how sophisticated hackers have become when it comes to exploiting authorization mechanisms through social engineering, especially phishing.