According to the report, a leading ride-hailing and food delivery company has suffered a systems breach. Uber employees were unable to access internal tools such as Slack, and one employee resource page is said to have had a not-safe-for-work image posted to it by the hacker.
Shocking, right? You must be wondering how the hack happened, what data was lost, how Uber covered it up, and whether it was preventable. No worries: this blog has answers to all your questions.
Let’s go ahead!
According to researchers, the employee’s credentials may have been stolen by password-stealing malware such as Redline installed on the employee’s computer; the Lapsus$ group is also known to use Redline to steal users’ passwords. According to Uber, the hacker may have bought the stolen passwords from a marketplace on the dark web.
Once the credentials were stolen, the hacker still had to defeat Uber’s multi-factor authentication, which adds an additional barrier to stop attackers from using stolen credentials to break into a company’s network.
After tricking the employee into accepting a push notification, the hacker could then generate and approve MFA push notifications as if they were the employee, granting them persistent access to Uber’s network.
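The flood of push prompts described above leaves a recognisable trace in identity-provider logs. The following added example (not code from the original post or from Uber) flags users who receive many prompts in a short window and notes whether one was eventually approved; the event format and sample entries are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of identity-provider MFA push events (not real Uber logs).
# Each entry: (ISO timestamp, username, prompt result, source IP of the login attempt)
SAMPLE_EVENTS = [
    ("2022-09-15T22:01:05", "alice", "denied", "203.0.113.9"),
    ("2022-09-15T22:01:40", "alice", "timeout", "203.0.113.9"),
    ("2022-09-15T22:02:30", "alice", "denied", "203.0.113.9"),
    ("2022-09-15T22:03:15", "alice", "timeout", "203.0.113.9"),
    ("2022-09-15T22:05:50", "alice", "denied", "203.0.113.9"),
    ("2022-09-15T22:09:12", "alice", "approved", "203.0.113.9"),  # employee finally accepts
    ("2022-09-15T10:00:00", "bob", "approved", "198.51.100.4"),   # normal single login
]


def detect_push_fatigue(events, window_minutes=10, threshold=5):
    """Return one alert per user who received at least `threshold` push prompts
    inside any `window_minutes` span, noting whether a prompt in that span was
    approved (an approval after a flood of prompts is the worrying case)."""
    by_user = defaultdict(list)
    for ts, user, result, ip in events:
        by_user[user].append((datetime.fromisoformat(ts), result, ip))

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e[0])
        for i, (start, _, _) in enumerate(evs):
            # Sliding window: every prompt within window_minutes of prompt i
            window = [e for e in evs[i:] if e[0] - start <= timedelta(minutes=window_minutes)]
            if len(window) < threshold:
                continue
            alerts.append({
                "user": user,
                "prompts": len(window),
                "approved_after_flood": any(r == "approved" for _, r, _ in window),
                "source_ips": sorted({ip for _, _, ip in window}),
            })
            break  # one alert per user is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```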
Even though the hackers only gained access to some of Uber’s user accounts, the breach is still serious: it means they found a route into those accounts and from there into Uber’s systems.
It is also possible that the hackers gained sensitive information from other apps that track users. They may therefore have obtained information such as addresses, email addresses and licence numbers, although no evidence of this has been found yet.
Such data could be used to gain unwarranted access to users’ bank accounts, to receive Social Security benefits in someone else’s name, and even to drive cars without being detected.
The security best practices that would have been effective in preventing Uber’s loss of customer data are listed below:
The hackers gained remote access to both Uber’s GitHub and AWS instances. We don’t know how the attackers gained access to Uber’s GitHub, but it may have involved compromise of legitimate Uber credentials that were then used to log into the system remotely. Had multi-factor authentication (MFA) been implemented, it would have prevented a remote hacker from gaining access to targeted systems even when legitimate credentials were compromised.
Using one set of administrator credentials found on GitHub, the hackers were able to access Uber’s AWS environment and reach millions of sensitive records. Restricting the privileges of user and administrator accounts is a strategy that prevents this kind of breach: when the principle of least privilege is implemented, an administrator account does not have rights to access the sensitive databases within AWS or the development environment in GitHub.
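One concrete way to enforce the least-privilege point above is to audit IAM policy documents for wildcard grants before they reach an account. The added example below (not Uber’s configuration, and not code from the original post) places a policy equivalent to AWS’s AdministratorAccess beside a policy scoped to one assumed bucket, and flags the Allow statements that grant every action or every resource.

```python
import json

# Constructed example policies (not Uber's real configuration). The first is
# equivalent to AWS's AdministratorAccess managed policy; the second is scoped
# to a single assumed bucket, following the principle of least privilege.
WEAK_ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
})


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def overly_broad_statements(policy_json):
    """Return a finding for each Allow statement that grants every action,
    every action of a service (e.g. "s3:*"), or applies to every resource."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given bare
        statements = [statements]
    findings = []
    for idx, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        wild_actions = [a for a in _as_list(st.get("Action")) if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in _as_list(st.get("Resource")) if r == "*"]
        if wild_actions or wild_resources:
            findings.append({"statement": idx, "wildcard_actions": wild_actions,
                             "wildcard_resources": wild_resources})
    return findings


if __name__ == "__main__":
    print("weak:", overly_broad_statements(WEAK_ADMIN_POLICY))
    print("scoped:", overly_broad_statements(SCOPED_POLICY))
```

A check like this belongs in the pipeline that deploys policies, so that a credential leaked from a repository carries only the narrow rights its owner actually needed.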
The concept of zero trust, with its guiding principle of ‘Never Trust, Always Verify’, is making waves in the IT security world. Its key feature is that only authenticated users have access to data and applications. IAM works very effectively with the Zero Trust model and takes security to the next level.
Conducting a cybersecurity threat assessment is another effective way to combat hackers. Companies can review their assets and top risks to determine the areas that need additional security controls. For Uber, these might have been the publicly facing logins for GitHub and AWS and the repositories of sensitive data within AWS, both of which would have benefited from additional access control measures.
Uber was not even aware of the data breach until the hacker contacted the company by email to demand payment. Cloud hosting services, maintained off-premises, are often neglected by traditional logging and monitoring controls. Cloud services, especially those hosting sensitive data, need effective monitoring to detect any unauthorised access to that data. If such monitoring had been in place, Uber might have detected the access and exfiltration of huge amounts of data from its network.
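The monitoring described above can be as simple as a rule over the cloud provider’s data-access audit trail. The added example below (not code from the original post or from Uber) runs over constructed CloudTrail-style S3 events and flags any principal that reads a sensitive bucket in bulk within one hour or from outside an assumed corporate address range; the bucket name, network range and sample events are all assumptions.

```python
import ipaddress
import json
from collections import Counter, defaultdict
from datetime import datetime

# Assumed corporate egress range and sensitive bucket (constructed, not Uber's).
CORPORATE_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
SENSITIVE_BUCKETS = {"example-rider-records"}

# Constructed CloudTrail-style S3 data events (fields abbreviated), not real logs:
# 50 reads within one hour from an external address, plus one routine internal read.
SAMPLE_EVENTS = [json.dumps(e) for e in (
    [{"eventTime": f"2022-09-15T23:{m:02d}:00Z", "eventName": "GetObject",
      "userIdentity": {"arn": "arn:aws:iam::123456789012:user/admin-ci"},
      "sourceIPAddress": "203.0.113.9",
      "requestParameters": {"bucketName": "example-rider-records", "key": f"export/part-{m}.csv"}}
     for m in range(50)]
    + [{"eventTime": "2022-09-15T09:00:00Z", "eventName": "GetObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:role/reporting"},
        "sourceIPAddress": "198.51.100.7",
        "requestParameters": {"bucketName": "example-rider-records", "key": "daily/summary.csv"}}]
)]


def flag_suspicious_access(raw_events, max_objects_per_hour=20):
    """Return one finding per principal that read a sensitive bucket in bulk (more than
    max_objects_per_hour in any clock hour) or from outside the corporate network."""
    reads = defaultdict(list)  # principal ARN -> [(clock hour, source IP)]
    for line in raw_events:
        ev = json.loads(line)
        if ev["eventName"] != "GetObject" or ev["requestParameters"]["bucketName"] not in SENSITIVE_BUCKETS:
            continue  # other operations and non-sensitive buckets are out of scope here
        hour = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(minute=0, second=0)
        reads[ev["userIdentity"]["arn"]].append((hour, ev["sourceIPAddress"]))

    findings = []
    for arn, hits in reads.items():
        peak = max(Counter(hour for hour, _ in hits).values())
        external = sorted({ip for _, ip in hits
                           if not any(ipaddress.ip_address(ip) in net for net in CORPORATE_NETWORKS)})
        reasons = []
        if peak > max_objects_per_hour:
            reasons.append(f"{peak} objects read in a single hour")
        if external:
            reasons.append("reads from non-corporate addresses: " + ", ".join(external))
        if reasons:
            findings.append({"principal": arn, "reasons": reasons})
    return findings
```

In practice the threshold would be set from each principal’s normal daily volume, and a finding would raise an alert in the SOC rather than wait for the attacker’s ransom email.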
Uber’s payment to the attackers may have prevented the customer data from wider release, but its failure to disclose the attack for over a year will likely have legal, reputational and financial consequences for the company.
Sennovate delivers custom identity and access management (IAM) and managed security operations center (SOC) solutions to businesses around the world. With global partners and a library of 2000+ integrations, 10M+ identities managed, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: +1 (925) 918-6618.