Qualys comments on the hacking attack on Uber

October 11, 2022

By Paul Baird, CTSO UK at Qualys

Uber was the victim of a hacking attack on the night of Friday 16 September, according to its own statement on Twitter. According to media reports, the attacker gained access to several systems of the mobility service provider.

So far, there is only conjecture about the exact details of the incident. To get an accurate picture of the potential security breach, we must first wait for Uber’s full RCA (Root Cause Analysis) – if it is ever released. If the reporting so far is true, then there were several flaws in Uber’s IT and cybersecurity arrangements.

The original social engineering attack vector is still difficult to defend against, especially if it came via a text message. But there was obviously no MFA on the corporate VPN either, and leaving a PowerShell script with access management permissions on an intranet system is inexcusable.

Hackers who penetrate corporate networks for “fun” are the most dangerous. Since the hackers’ only goal is usually to gain access to internal systems, cause damage and steal data, there is very little Uber can do now to minimise the impact of the security breach. However, when dealing with financially motivated actors, there is at least the option of paying a ransom to mitigate the extent of the damage.

I am surprised that the internal security systems did not intercept the East-West traffic while the attacker traversed the network in search of rich pickings (which he apparently got in the form of confidential company information and source code).

Uber needs to learn from this security breach, strengthen its IT and cybersecurity programmes, implement or expand MFA, and conduct a clean-up of its systems to ensure that scripts and documents residing on internal systems do not contain information that opens the door wide to attackers.

Genetec

Related Articles

Belgium becomes football world champion, at least digitally

> The big digital check for the World Cup by nexum AG> Germany in 3rd place behind the Netherlands, but ahead of England, France and Spain In the next four weeks, the sporting world champion will be determined among the best football teams. But already today a winner...

Every fifth German open to e-prescription

Every fifth German open to e-prescription

Seniors over 65, however, are in favour of the completely analogue or predominantly analogue variantOne in five Germans would want to redeem a doctor's prescription exclusively digitally in future. Another 21 per cent would choose the digital option for the most part....

Stupid pupils cost the economy around 700 billion euros

Stupid pupils cost the economy around 700 billion euros

According to the ifo study, two-thirds of young people globally do not achieve basic skills Two-thirds of young people worldwide do not achieve basic skills that should be taught in school. This is according to a new study by the Ifo Institute (https://ifo.de). In...