Stolen credentials were used by an 18 year-old hacker who bypassed Multi-Factor Authentification (MFA) protocols to access Uber’s Slack server and taunt Uber employees.
The attack, which occurred in October 2022, combined stolen credentials, an MFA attack, and social engineering (posing as tech support), to breach the system. The hacker demanded higher wages for Uber drivers, and essentially made it impossible for Uber drivers to complete their jobs while the incident was occurring.
Uber has released statements that advise that no customer data was compromised, all services are now fully operational, and internal software (Slack) is now back online.
Social engineering attacks exploit the trust of people working for a company in order to obtain passwords, screen names and other information required to gain user access to a network. This can be done using the following:
- Phishing – this involves drafting an email that looks credible and using it to obtain information from a user
- Watering Hole Attacks – the hacker finds websites where employees spend time, and will then try to engage in conversation with the employee and glean access information
- Business Email Compromise (BEC) – an attacker will usually use or pretend to use a manager or superior’s email, and request information
- Physical social engineering – old-fashioned theft, usually involving rifling through drawers or distracting staff while they steal logins, etc.
- USB Fraud – simple theft of a USB stick, or swapping one out for one with malware on it
The Uber attack shows just how sophisticated hackers have become when it comes to exploiting weaknesses through social engineering, particularly phishing.
It’s important that your MFA procedure is truly multi-factor, and not just two factor. It’s also a good idea to require different types of verification methods, include biometrics, to really ensure security.
If you have concerns about your business, and whether it is truly secure, contact us here at Agilient.