Skip to content
  • About Us
  • Advertise
  • Contact Us
  • DMCA
  • Privacy Policy
  • Follow on Google News
The Medium News

The Medium News

  • Home
  • India
    • National
    • Regional News
  • Business
  • Education
  • LifeStyle
    • Fashion & Beauty
    • Food
    • Health & Fitness
    • Travel
  • Tech
    • Apps News
    • Gadgets
  • Automobiles
  • Sports
  • Entertainment
  • More
    • Agriculture
    • astrology
    • Environment
    • Finance/Money
    • Religion
    • Science
    • Social Work
    • Wow Personality
  • Toggle search form

Postmortem of Uber’s Social Engineering Hack

Posted on September 28, 2022 By The Medium News No Comments on Postmortem of Uber’s Social Engineering Hack

CloudSEK’s contextual AI based digital risk protection platform discovered a threat actor claiming to have compromised Uber, the American mobility service provider. Uber has confirmed the above claims and responded to the incident by stating that it is in contact with law enforcement agencies. Social engineering was employed as an initial attack vector by the threat actor.

The threat actor was able to compromise an employee’s HackerOne account to access vulnerability reports associated with Uber. To demonstrate the legitimacy of the claims, the actor has posted unauthorized messages on the HackerOne page of the company. Moreover, the attacker has also shared several screenshots of Uber’s internal environment including their GDrive, VCenter, sales metrics, Slack, and the EDR portal.

“The Uber Hack is a classic case of failure on multiple levels where Over privilege or privilege mismanagement plays a pivotal role. Eliminating privilege escalation paths or monitoring for access changes in accounts can be initial answers for mitigation, apart from Darkweb and surface web monitoring”, says Abhinav Pandey, Cyber Threat Researcher, Cloudsek.

The actor plausibly employed social engineering techniques as an initial attack vector to compromise Uber’s infrastructure.

After attaining access to multiple credentials, the actor exploited the compromised victim’s VPN access to:

  • Pivot and escalate privileges inside the internal network
  • Scan the internal network(Intranet) for access

Subsequently, the actor gained access to an internal network(Intranet) *.corp.uber.com where the actor got access to a directory, plausibly with a name “share”, which provided the actor with numerous PowerShell scripts that contained admin credentials to the privileged access management system (Thycotic). This enabled the actor with complete access to multiple services of the entity such as Uber’s Duo, OneLogin, AWS, Gsuite Workspace, etc.

This hack had a tremendous impact on Uber starting from the Obfuscation of the application code, hindering the usability of the application, leaked credentials, and access could facilitate multiple account takeovers and leaking of sensitive and critical information of the entity. Equipping malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, not to mention the reputational damage for Uber.

Mitigation Steps include training employees against social engineering attacks and techniques, implementing a strong password policy and enabling MFA across logins, creating specialized user groups with minimum privileges, closing unused ports, limiting file access, patching vulnerable, and exploitable endpoints, preventing private keys from being shared unencrypted in messaging systems like Slack or WhatsApp.

Singapore headquartered CloudSEK is a contextual AI (Artificial Intelligence) company, founded in 2015, by cybersecurity expert Rahul Sasi, with the aim to construct a future where intelligent machines can emulate human cognition to predict cyber threats even before they occur.

CloudSEK’s central proposition is to leverage AI to build a rapid and reliable detection, analysis, and alert system that offers swift detection across internet sources, precision analysis of threats, and prompt resolution with minimal human intervention.

CloudSEK offers the power of Cyber Crime monitoring, Brand Monitoring, Attack Surface monitoring, and Supply Chain Intelligence to give context to customers’ digital risks. CloudSEK’s single unified dashboard allows customers to triage and visualize all their digital threats in one place. CloudSEK also offers workflows and integrations to manage and remediate the identified threats.

Business Tags:American mobility service provider, Attack Surface monitoring, Brand Monitoring, CloudSEK, contextual AI (Artificial Intelligence) company, Cyber Crime monitoring, cybersecurity expert Rahul Sasi, digital risk protection platform, HackerOne, Supply Chain Intelligence, Uber, Uber Hack

Post navigation

Previous Post: Dr. Geomcy George – Top emerging healthcare leader who is making a difference in the lives of many
Next Post: Cycle Pure launches pujaroom.com to provide a premium puja experience

More Related Articles

LACOSTA BLDC FANS: Ready to capture Indian Markets LACOSTA BLDC FANS: Ready to capture Indian Markets Business
CIGNEX, Excellerent merge with Relevance Lab to form a global powerhouse in digital transformation & cloud services Business
Entrepreneur Sathish J Shetty: Founder of Jk Inspire Kudalu village, Kundapura Sathish J Shetty Received Doctorate and Indian Trade Award For excellence in digital marketing Business
Dr. Anshu Sharma and 21 other high profiled professionals were awarded Honorary Doctorate at Convocation Function Business
The Importance of SMM optimization in the digital world Business
An exceptional team of private detectives dedicated to solving cases Spy Detective Agency continues to help people in the most excellent way An exceptional team of private detectives dedicated to solving cases, Spy Detective Agency continues to help people in the most excellent way Business

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest News

  • CIGNEX, Excellerent merge with Relevance Lab to form a global powerhouse in digital transformation & cloud services
  • Kudalu village, Kundapura Sathish J Shetty Received Doctorate and Indian Trade Award For excellence in digital marketing
  • Akhil Sachdeva’s love ballad O Sanam featuring Sara Gurpal is the right mix of melody and poetry, hitting home with people across the board
  • IIFSE GROUP: Mr. Srinu Mahanti Received International Innovative AWARD 2022-BANGKOK for Excellence unique training in fire & safety, hotel management courses
  • Recently appointed Chairman of GCNI Shubham Chaudhary meets BJP National President JP NADDA

Categories

  • Agriculture
  • Apps News
  • astrology
  • Automobiles
  • Business
  • Education
  • Entertainment
  • Environment
  • Fashion & Beauty
  • Finance/Money
  • Food
  • Gadgets
  • Health & Fitness
  • LifeStyle
  • National
  • Photography
  • Politics
  • Press Release
  • Regional News
  • Religion
  • Science
  • Social Work
  • Sports
  • Tech
  • Travel
  • Uncategorized
  • World
  • Wow Personality

Recent Posts

  • LACOSTA BLDC FANS: Ready to capture Indian Markets
  • CIGNEX, Excellerent merge with Relevance Lab to form a global powerhouse in digital transformation & cloud services
  • Kudalu village, Kundapura Sathish J Shetty Received Doctorate and Indian Trade Award For excellence in digital marketing
  • Akhil Sachdeva’s love ballad O Sanam featuring Sara Gurpal is the right mix of melody and poetry, hitting home with people across the board
  • IIFSE GROUP: Mr. Srinu Mahanti Received International Innovative AWARD 2022-BANGKOK for Excellence unique training in fire & safety, hotel management courses

Ace Entrepreneur actor artificial intelligence author Bangalore Bengaluru Blockchain technology blogger business Content Creator COVID-19 Cryptocurrency Delhi Department of Science and Technology digital marketing Dr. Jitendra Matlani DST Dubai education Gujarat health Hyderabad IISc IIT Delhi Indian Institute of Science Indian Institute of Technology influencer Influencerquipo model Mumbai Music Industry NFT photography real estate Research Singer Social Activist Social media social media marketing Sonal Monteiro sports Surat technology TTK Prestige Zaid Khan

Copyright © 2023 The Medium News.

Powered by PressBook Blog WordPress theme