A social-engineering attack is behind the latest Uber data breach, forcing the rideshare giant to take several of its internal communications and engineering systems offline.
Uber sent the following tweet Thursday evening about the data breach:
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
According to the New York Times, the person claiming responsibility for the hack said he sent a text message to an Uber worker claiming to be a corporate IT person. The attacker persuaded the worker to hand over a password that allowed him to gain access to Uber’s systems.
Ian McShane is Arctic Wolf‘s vice president of strategy. He said Uber is “renowned for having some of the best cybersecurity in the business.”
Ian McShane of Arctic Wolf
“Nobody’s perfect and even the best managed security organizations can be compromised,” he said. “The key is how quickly you respond and mitigate the issue, which they appear to have done here.”
The Uber data breach is a pretty “low-bar to entry” attack, McShane said. It’s akin to consumer-focused attackers calling people claiming to be Microsoft and having the end user install keyloggers or remote access tools.
“Given the access they claim to have gained, I’m surprised the attacker didn’t attempt to ransom or extort,” he said. “It looks like they did it ‘for the lulz’.”
Attacks that use insider threats and compromised user credentials continue to grow by 47%. That’s according to a 2022 Ponemon Institute report. This breach is proof once again that often the weakest link in your security defenses is the human, McShane said.
“It is therefore critical that you manage that risk by running regular training and security awareness sessions while running around-the-clock monitoring, detection and response, as well as other security operations solutions to reduce risk and keep your organization protected,” he said.
For the full article, please visit our sister site Channel Futures.