Uber hacked: access to internal systems and vulnerability reports stolen

B2B Cyber ​​Security ShortNews

Share post

Transportation service provider Uber suffered a cyberattack in which a suspected 18-year-old hacker downloaded vulnerability reports from HackerOne and shared screenshots of the company's internal systems, email dashboard and Slack server.

The screenshots shared by the hacker appear to show full access to many of Uber's critical IT systems, including the company's security software and Windows domain.

Uber attacker had full access

The attacker also hacked the Uber Slack server, which he used to send messages to employees saying the company was hacked. However, screenshots from Uber's Slack show that these announcements were initially met with memes and jokes, as employees were unaware that an actual cyberattack was taking place.

According to bleedingcomputer, Uber has since confirmed the attack and tweeted that they are in contact with law enforcement and will release additional information as it becomes available. “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available," the Uber Communications account tweeted.

No official Uber statement

Ian McShane, Arctic Wolf's vice president of strategy, says of the Uber hack: "While there is no official statement yet, one person who has claimed responsibility for the cyberattack states that the initial access was socially engineered by an unsuspecting Uber employee was contacted by him, he posed as tech support and reset the password. The attacker was then able to connect to the corporate VPN to gain further access to the Uber network. In doing so, he appears to have struck gold in the form of admin credentials stored in clear text on a network share.

The barrier to entry for this attack turned out to be quite low. The attack is similar to the one in which attackers impersonated MSFT employees and tricked end users into installing keyloggers or remote access tools. Given the access they claim to have gained, I'm surprised the attacker didn't attempt to extort ransom. It looks like it was just a 'fun' act."

Access to bug bounty program?

There is currently no precise explanation of the attack. Various media reports that the Uber account was protected with multi-factor authentication. The attacker allegedly used an MFA fatigue attack and pretended to be Uber's IT support to convince the employee to accept the MFA request. According to the New York Times, the hacker was said to have had access to Uber databases and source code as a result of the attack.

Worst of all is the assumption that the attacker is said to have copied the ticket system and thus the vulnerability reports of the bug bounty program. If that were true, Uber would have to expect a new attack at any time and close the gaps found extremely quickly. Because the attacker can quickly turn this information into money on the Darknet. Experts are probably already on the lookout for suitable offers.

More at bleedingcomputer.com


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more