Transportation service provider Uber suffered a cyberattack in which a suspected 18-year-old hacker downloaded vulnerability reports from HackerOne and shared screenshots of the company's internal systems, email dashboard and Slack server.
The screenshots shared by the hacker appear to show full access to many of Uber's critical IT systems, including the company's security software and Windows domain.
Uber attacker had full access
The attacker also hacked the Uber Slack server, which he used to send messages to employees saying the company was hacked. However, screenshots from Uber's Slack show that these announcements were initially met with memes and jokes, as employees were unaware that an actual cyberattack was taking place.
According to bleedingcomputer, Uber has since confirmed the attack and tweeted that they are in contact with law enforcement and will release additional information as it becomes available. "We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available," the Uber Communications account tweeted.
No official Uber statement
Ian McShane, Arctic Wolf's vice president of strategy, says of the Uber hack: "While there is no official statement yet, one person who has claimed responsibility for the cyberattack states that the initial access was socially engineered: an unsuspecting Uber employee was contacted by him; he posed as tech support and reset the password. The attacker was then able to connect to the corporate VPN to gain further access to the Uber network. In doing so, he appears to have struck gold in the form of admin credentials stored in clear text on a network share.
The barrier to entry for this attack turned out to be quite low. The attack is similar to the one in which attackers impersonated MSFT employees and tricked end users into installing keyloggers or remote access tools. Given the access they claim to have gained, I'm surprised the attacker didn't attempt to extort ransom. It looks like it was just a 'fun' act."
Access to bug bounty program?
There is currently no precise explanation of the attack. Various media report that the Uber account was protected with multi-factor authentication. The attacker allegedly used an MFA fatigue attack and pretended to be Uber's IT support to convince the employee to accept the MFA request. According to the New York Times, the hacker is said to have had access to Uber databases and source code as a result of the attack.
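One way a defender could detect the MFA fatigue pattern mentioned above, as an added example that is not from Uber or from the reporting cited here: it flags an approved push prompt that follows a burst of denied or unanswered prompts for the same user. The log format, the thresholds and all names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA log (not data from the Uber incident):
# ISO timestamp, user, result of the push prompt.
SAMPLE_LOG = """\
2022-01-01T09:00:05 alice approved
2022-01-01T22:01:10 bob denied
2022-01-01T22:02:02 bob timeout
2022-01-01T22:02:40 bob denied
2022-01-01T22:03:15 bob denied
2022-01-01T22:04:01 bob timeout
2022-01-01T22:05:30 bob approved
2022-01-01T23:10:00 carol denied
2022-01-01T23:40:00 carol approved
"""

def parse(log_text):
    """Yield (timestamp, user, result) from whitespace-separated lines."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def find_mfa_fatigue(events, window=timedelta(minutes=10), min_rejected=5):
    """Flag approvals that follow a burst of rejected or ignored prompts.

    Returns a list of (user, rejected_count, approved_at) tuples.
    """
    rejected = defaultdict(deque)  # user -> times of recent denied/timeout prompts
    alerts = []
    for ts, user, result in sorted(events):
        recent = rejected[user]
        # Drop prompts that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result in ("denied", "timeout"):
            recent.append(ts)
        elif result == "approved":
            if len(recent) >= min_rejected:
                alerts.append((user, len(recent), ts))
            recent.clear()  # a successful login resets the streak
    return alerts

if __name__ == "__main__":
    for user, count, when in find_mfa_fatigue(parse(SAMPLE_LOG)):
        print(f"{when.isoformat()} {user}: approval after {count} rejected prompts")
```

An alert of this kind is a reason to contact the user through a separate channel and revoke the session, since the approval itself looks like a normal login.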
Worst of all is the assumption that the attacker copied the ticket system and thus the vulnerability reports of the bug bounty program. If that were true, Uber would have to expect a new attack at any time and close the gaps found extremely quickly, because the attacker can quickly turn this information into money on the darknet. Experts are probably already on the lookout for suitable offers.
More at bleedingcomputer.com