After so much hacking news doing the rounds, now it’s turning for Uber. The company has been inflicted by a severe cyberattack the last Thursday by an 18-year-old hacker. The alleged teenager shared the company’s systems reports, emails, and Slack Server.
The attack’s news and update were shared by the company on the next day, Friday stating that the scrutiny on the attack is still going on and the company is only sharing some additional details mentioned below:
It has no evidence that the incident involved access to sensitive user data, like
the trip history, etc.:
- All the other Uber services like Uber Eats, Uber Driver app, Uber and Uber Freight is operating nicely.
- It has notified the law enforcement team.
- Internal software tools used as a precaution are coming back online from Friday morning.
- The company from its statements seems that the theft of personal data is there or not, nor it is very specific about how much time the threat actor remained inside the organization’s network.
Uber is continuously backlogging the news all over by saying that the security analysis and response to the attack are going on. This lazy and hazy response of the company is marked “sketchy” by the independent security researcher Bill Demirkapi.
According to the bill, the “no evidence” stand made by Uber is itself giving the indications that the intruder did have access to the company’s systems and the sensitive data.
He also added that using the term sensitive user data instead of user data is also an indication that something strange is there that the company is hiding.
How the Attack was carried out?
The data breach was done by an 18-year-old, who social engineered an uber employee into accepting the Multi-Factor Authentication(MFA) prompt sent by him and likewise registered the victim on his system.
Upon accessing an initial niche on Uber systems the intruder accessed the internal shared network, containing PowerShell scripts having admin credentials, AWS, OneLogin, SentinelOne, Slack, and Google Cloud Platform access.
The Singapore-based IB has scanned the screenshots shared by the hacker and found them to be logs collected by an information-stealing malware. This very malware was auctioned some days back on the dark net.
The logs also indicate two of the Uber Employees from Brazil and Indonesia to be infected by the malware named Vidar stealers and Raccoon.
You can read about more of such prevailing vulnerabilities here.
If you found this article interesting then please subscribe to cybermetrics.eu
By: Ankita Anand, Editor: Sneha
