• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

10 Necessary Skills For Managing The Day-To-Day Operations Of A Business

February 2, 2023

Whalesync, a Seattle startup syncing data between software apps, raises $1.8M – Startup

February 1, 2023

Panasonic LZ2000 (2022) review

February 1, 2023
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    Samsung’s One UI 5 update is largely about personalization

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Tech News»Uber suffers major cyber attack
Tech News

Uber suffers major cyber attack

September 16, 2022No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Drivers’ union calls for immediate dismissal of Uber executive
Share
Facebook Twitter LinkedIn Pinterest Email

Controversial ride-sharing service Uber is investigating a major cyber security breach that has forced it to take a number of critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.

The incident came to light late on Thursday 15 September when according to the New York Times, which was first to report the story, an individual claiming responsibility for the attack shared screengrabs of various compromised Uber resources with the newspaper, and with security researchers.

Uber’s communications team confirmed the breach via Twitter at 2:25am BST on Friday 16 September. They said: “We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available.”

Uber had not provided any additional comment on the incident at the time of writing.

Sam Curry, a security engineer at Yuga Labs, who was among those to be contacted by the hacker, described a “total compromise” to the NYT and said the attacker appeared to have access to the majority of its systems.

The NYT additionally revealed that the attacker had told its reporters they had compromised Uber after successfully breaching an employee’s network access by sending them text messages posing as an internal IT admin to obtain their credentials.

From there, they appear to have been able to establish persistence and gain access to the majority of Uber’s internal resources after scanning the company’s network and finding a PowerShell script that contained privileged credentials for an admin user of Thycotic, a provider of privileged access management (PAM) solutions. These credentials gave the attacker further access to multiple services.

See also  UK government presses on with new cyber rules for telcos

Among the systems claimed to be compromised are Amazon Web Services, Duo, GSuite, OneLogin, Slack, VMware and Windows. Bleeping Computer additionally reported the attacker had accessed and taken data from Uber’s HackerOne bug bounty programme, which could be particularly dangerous for Uber if it contains undisclosed or unpatched vulnerabilities in its application.

The attacker went on to use Slack to send Uber employees a message listing the compromised resources and posted pornographic imagery on an intranet page. The attacker claimed to be 18 years old and testing their skills, and said they wanted Uber drivers to be better paid.

There is currently no information as to whether or not the attacker has access to Uber employee or customer data, although the possibility would seem very real. A 2016 data breach at Uber saw information on 57 million user accounts – 2.4 million in the UK – compromised. Uber was fined almost $150m for covering up this breach, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident.

The alleged involvement of a teenage hacktivist in the attack also calls to mind a number of more recent cyber attacks against tech companies perpetrated by the Lapsus$ group, which exploited failings in multifactor authentication (MFA) to compromise multiple victims in a remarkably similar fashion. Although there is no evidence to link the Uber incident to Lapsus$, a number of the gang’s members turned out to be teenage hackers, who were caught when they fell out with one another.

A study conducted for the upcoming International Cyber Expo in London found an increasing tendency for minors to get involved in cyber crime, a trend that may be in danger of being exacerbated by the cost-of-living crisis (a similar trend was observed linked to mass furloughs and lay-offs during the Covid-19 pandemic). The study suggests 40% of parents are worried to some degree that their children may turn to cyber crime.

See also  H&M Group tries Google Cloud on for size as omnichannel push gathers pace

Simon Newman, an advisory council member for International Cyber Expo and CEO of the Cyber Resilience Centre for London, said: “With hacking tools becoming increasingly accessible and affordable on the internet, we have witnessed a rise in ‘script kiddies’ – inexperienced hackers who carry out cyber attacks.

“While ‘kiddies’ do not necessarily refer to the hacker’s age so much as their experience, many have been found to be teenagers. In fact, in the UK, the average age of a referral to the National Cyber Crime Unit is just 15 years old.

“Although law enforcement agencies are working hard to take down the websites and forums that promote hacking, the results of this survey also demonstrate a need for parents/guardians to take an active interest in what their children are doing online to prevent them from falling on the wrong side of the law,” said Newman.



Source link

Attack Cyber Major suffers Uber
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Former Uber engineers raise $26M for DevOps startup DevZero – Startup

January 26, 2023

What is a Service Robot? The vision of an intelligent service application is possible.

November 7, 2022

Average Australian suffers 250 scam attempts

October 14, 2022

SecondSight enters cyber insurance market with AI-driven platform for ‘inside-out’ underwriting

October 13, 2022
Add A Comment

Comments are closed.

Editors Picks

Elon Musk says we should always see Steam operating on Teslas quickly

July 18, 2022

BitPay partners Cardlytics for cash back rewards

August 11, 2022

Total War: Three Kingdoms and FIFA 22 lead June’s new Xbox Game Pass games

June 26, 2022

Startup constructing software program that helps airways upsell prospects raises $25M – Startup

July 20, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

10 Necessary Skills For Managing The Day-To-Day Operations Of A Business

Whalesync, a Seattle startup syncing data between software apps, raises $1.8M – Startup

Panasonic LZ2000 (2022) review

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2023 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.