Controversial ride-sharing service Uber is investigating a major cyber security breach that forced it to take a number of critical systems offline after an alleged social engineering attack on an employee by an apparent teenage hacktivist.
The incident came to light late on Thursday 15 September. According to The New York Times, which first reported the incident, a person claiming responsibility for the attack shared screengrabs of various compromised Uber resources with newspapers and security researchers.
Uber’s communications team confirmed the breach via Twitter at 2:25am BST on Friday 16 September. They said: “We are currently responding to a cyber security incident. We are in contact with law enforcement and will post additional updates here as they become available.”
Uber has not commented further on the incident at the time of writing.
Sam Curry, a security engineer at Age Labs and one of those contacted by the hacker, described a “complete compromise” to the NYT and said the attacker appeared to have access to most systems.
The NYT additionally revealed that the attacker told its reporters that they had compromised Uber by sending text messages posing as an internal IT admin to obtain their credentials after successfully breaching an employee’s network access.
From there, they seem to have been able to establish persistence and gain access to more of Uber’s internal resources after scanning the company’s network and finding a PowerShell script that contained privileged credentials for the admin user in Thycotic, a provider of privileged access management (PAM) solutions. These credentials gave the attacker more access to multiple services.
Systems claimed to have been compromised include Amazon Web Services, Duo, GSuite, OneLogin, Slack, VMware and Windows. Bleeping Computer additionally reported that the attacker accessed and took data from Uber’s HackerOne bug bounty program, which could be particularly dangerous for Uber if its application has undisclosed or unpatched vulnerabilities.
The attacker used Slack to send Uber employees a message listing compromised resources and posted pornographic images on an intranet page. The attacker is claimed to be 18 years old and to have been testing their skills, and wanted Uber drivers to be paid well.
There is currently no information on whether the attacker has access to Uber employee or customer data, although the possibility seems very real. A 2016 data breach at Uber saw the account information of 57 million users – 2.4 million in the UK – compromised. Uber was fined nearly $150 million for covering up the breach, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident.
The alleged involvement of a teenage hacktivist in the attack also brings to mind recent cyber attacks against tech companies carried out by the Lapsus$ group, which exploited failures in multifactor authentication (MFA) to compromise multiple victims in a remarkably similar fashion. Although no evidence has been found linking the Uber incident to Lapsus$, several members of the gang have been identified as teenage hackers who were caught after falling out with each other.
A study conducted for the upcoming International Cyber Expo found a growing trend of minors engaging in cyber crime in London, a trend that may be exacerbated by the cost-of-living crisis (a similar trend was observed in association with mass furloughs and layoffs during the Covid-19 pandemic). The survey found that 40% of parents are worried to some degree that their children might turn to cyber crime.
Eamon Newman, International Cyber Expo Advisory Council member and CEO of the Cyber Resilience Center for London, said: “As hacking tools become increasingly accessible and affordable on the Internet, we have witnessed the rise of ‘script kiddies’ – inexperienced hackers who carry out cyber attacks.
“While ‘kiddies’ does not necessarily refer to the age of the hacker as much as their experience, many have been found to be teenagers. In fact, in the UK, the average age of referral to the National Cybercrime Unit is just 15 years.
“While law enforcement agencies are working hard to remove websites and forums that promote hacking, the results of this survey show the need for parents/guardians to take an active interest in what their children are doing online, to prevent them from falling on the wrong side of the law,” Newman said.