• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»What Uber’s data breach reveals about social engineering
Security

What Uber’s data breach reveals about social engineering

September 16, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
What Uber's data breach reveals about social engineering
Share
Facebook Twitter LinkedIn Pinterest Email

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


Few techniques are as popular among cybercriminals as social engineering. Research shows that IT staff receive an average of 40 targeted phishing attacks a year, and many organizations are struggling to intercept them before it’s too late. 

Just yesterday, Uber was added to the long list of companies defeated by social engineering after an attacker managed to gain access to the organization’s internal IT systems, email dashboard, Slack server, endpoints, Windows domain and Amazon Web Services console. 

The New York Times [subscription required] reported that an 18-year-old hacker sent an SMS message to an Uber employee impersonating support staff to trick them into handing over their password. The hacker then used it to take control of the individual’s Slack account, before later gaining access to other critical systems. 

The data breach sheds light on the effectiveness of social engineering techniques and suggests that enterprises should reevaluate reliance on multifactor authentication (MFA) to secure their employees’ online accounts. 

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

Social engineering: the low-barrier way to hack  

In many ways, the Uber data breach further illustrates the problem of relying on password-based authentication to control access to online accounts. Passwords are easy to steal with brute-force hacks and social engineering scams, and they provide a convenient entry point for attackers to exploit. 

See also  The Zoom installer let a researcher hack his way to root access on macOS

At the same time, no matter how good a company’s defenses are, if they’re relying on passwords to secure online accounts, it only takes one employee to share their login credentials for a breach to take place. 

“Uber is the latest in a string of social engineering attack victims. Employees are only human, and eventually, mistakes with dire consequences will be made,” said Arti Raman, CEO and founder of Titaniam. “As this incident proved, despite security protocols in place, information can be accessed using privileged credentials, allowing hackers to steal underlying data and share them with the world.”

While measures like turning on multifactor authentication can help to reduce the likelihood of account takeover attempts — they won’t fully prevent them.

Rethinking account security 

Generally, user awareness is an organization’s best defense against social engineering threats. Using security awareness training to teach employees how to detect manipulation attempts in the form of phishing emails or SMS messages can reduce the likelihood of them being tricked into handing over sensitive information. 

“General cybersecurity awareness training, penetration testing and antiphishing education are powerful deterrents to such attacks,” said Neil Jones, director of cybersecurity evangelism at Egnyte. 

Organizations simply cannot afford to make the mistake of thinking that multifactor authentication is enough to prevent unauthorized access to online accounts. Instead, company leaders need to assess the level of risk based on the authentication options supported by the account provider and implement additional controls accordingly. 

“Not all MFA factors are created equal. Factors such as push, one-time-passcodes (OTPs), and voice calls are more vulnerable and are easier to bypass via social engineering,” said Josh Yavor, CISO at Tessian. 

See also  Hackers access DoorDash data, T-Mobile teams up with SpaceX, and eBay buys TCGplayer – DailyTech

Instead of relying on these, Yavor recommends implementing security-key technology based on modern MFA protocols like FIDO2 that have phishing resilience built into their designs. These can then be augmented with secure-access controls to enforce device-based requirements before providing users access to online resources.  

Source link

Breach data engineering reveals Social Ubers
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Google Mourns Veteran Engineer Luiz André Barroso Who Invented the Modern Data Center

September 22, 2023

The Most Popular Digital Abortion Clinics, Ranked by Data Privacy

August 21, 2023

Generative AI Is Making Companies Even More Thirsty for Your Data

August 10, 2023

Uber’s Fatal Self-Driving Car Crash Saga Ends With the Operator Avoiding Prison

July 30, 2023
Add A Comment

Comments are closed.

Editors Picks

Normalyze’s multicloud management tools aim to tighten security and lower cost

July 2, 2022

A primary take a look at Discord on Xbox

July 20, 2022

Akamai: Web application attacks are up against gamers by 167%

August 4, 2022

Paradox’s next grand strategy simulation will launch in October

August 30, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.