Controversial ride-sharing service Uber is investigating a major cybersecurity breach that forced it to take a number of critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.
The incident came to light on the night of Thursday, September 15, when, according to the New York Times, which first reported the story, a person who claimed responsibility for the attack shared screenshots of various compromised Uber resources with the newspaper and with security researchers.
The Uber Communications Team confirmed the breach via Twitter at 2:25am BST on Friday 16th September. They said: “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.”
Uber had not provided any additional comment on the incident at the time of this writing.
Sam Curry, security engineer at Yuga Labs, who was among those contacted by the hacker, described a “total compromise” to the NYT and said the attacker seemed to have access to most of its systems.
The NYT further revealed that the attacker had told its reporters that they had compromised Uber after successfully breaching an employee’s network access by sending them text messages posing as an internal IT administrator to obtain their credentials.
From there, they seem to have been able to establish persistence and gain access to most of Uber’s internal resources after scanning the company network and finding a PowerShell script that contained privileged credentials for an administrator user of Thycotic, a provider of privileged access management (PAM) solutions. These credentials gave the attacker more access to multiple services.
Systems claimed to be compromised include Amazon Web Services, Duo, GSuite, OneLogin, Slack, VMware, and Windows. Bleeping Computer additionally reported that the attacker had accessed and taken data from Uber’s HackerOne bug bounty program, which could be particularly dangerous for Uber if it contains undisclosed or unpatched vulnerabilities in its application.
The attacker used Slack to send Uber employees a message with a list of compromised resources and posted pornographic images on an intranet page. The attacker claimed to be 18 years old and was testing his skills, saying he wanted Uber drivers to be better paid.
There is currently no information on whether or not the attacker has access to Uber employee or customer data, although the possibility seems very real. A data breach at Uber in 2016 saw the information of 57 million user accounts (2.4 million in the UK) compromised. Uber was fined nearly $150 million for covering up this breach, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident.
The alleged involvement of a teenage hacktivist in the attack is also reminiscent of a series of more recent cyberattacks on tech companies by the Lapsus$ group, which exploited flaws in multi-factor authentication (MFA) to compromise multiple victims in a remarkably similar way. Although there is no evidence linking the Uber incident to Lapsus$, several of the gang members turned out to be teenage hackers, who were caught fighting among themselves.
A study carried out for the upcoming International Cyber Expo in London found a growing trend for minors to engage in cybercrime, a trend that may be in danger of being exacerbated by the cost of living crisis (a similar trend was seen related to furloughs and mass redundancies during the Covid-19 pandemic). The study suggests that 40% of parents are concerned to some extent that their children may resort to cybercrime.
Simon Newman, a member of the advisory board of the International Cyber Expo and executive director of the London Cyber Resilience Center, said: “With hacking tools becoming more accessible and affordable on the Internet, we have witnessed an increase in ‘script kiddies’ – inexperienced hackers who carry out cyber attacks.
“Although ‘kiddies’ does not necessarily refer to the age of the hacker as much as to their experience, many have been found to be teenagers. In fact, in the UK, the average age of a referral to the National Cyber Crime Unit is just 15 years old.
“Although law enforcement agencies are working hard to eliminate websites and forums that promote piracy, the results of this survey also demonstrate the need for parents/guardians to take an active interest in what their children are doing online to prevent them from falling on the wrong side of the law,” Newman said.