The Last Hunt of Social Engineering: Uber
A young hacker allegedly broke into Uber’s network last week using social engineering attacks. He gained access to a staff member’s Slack login and utilized it to inform Uber staff that there had been a data breach. Uber noticed this and within hours, it published additional facts quickly confirming the hack on Twitter.
2024-01-19
'%3e%3cpath%20d='M25.1219%206.1263C25.1397%206.38418%2025.1397%206.64212%2025.1397%206.9C25.1397%2014.7658%2019.3656%2023.8289%208.81221%2023.8289C5.56092%2023.8289%202.54063%2022.8526%200%2021.1579C0.461947%2021.2132%200.906066%2021.2316%201.38579%2021.2316C4.06849%2021.2316%206.53808%2020.2921%208.51017%2018.6895C5.98732%2018.6342%203.87309%2016.9211%203.14465%2014.5632C3.50001%2014.6184%203.85532%2014.6552%204.22845%2014.6552C4.74367%2014.6552%205.25893%2014.5815%205.7386%2014.4526C3.10916%2013.9%201.13701%2011.5053%201.13701%208.61315V8.53949C1.90095%208.9816%202.78935%209.25791%203.73091%209.29471C2.18521%208.22627%201.17256%206.40261%201.17256%204.33943C1.17256%203.23419%201.45677%202.22103%201.95427%201.33681C4.77916%204.94734%209.02539%207.30519%2013.7868%207.56313C13.698%207.12102%2013.6446%206.66054%2013.6446%206.20001C13.6446%202.92102%2016.203%200.25%2019.3832%200.25C21.0355%200.25%2022.5279%200.968419%2023.5761%202.12895C24.8731%201.87106%2026.1167%201.37367%2027.2183%200.692109C26.7918%202.07372%2025.8858%203.23425%2024.6954%203.97104C25.8503%203.84215%2026.9696%203.5105%2028%203.05002C27.2184%204.22892%2026.2412%205.27888%2025.1219%206.1263Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24586'%3e%3crect%20width='28'%20height='25.0526'%20fill='%230671C0'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
A young hacker allegedly broke into Uber’s network last week using social engineering attacks. He gained access to a staff member’s Slack login and utilized it to inform Uber staff that there had been a data breach. Uber noticed this and within hours, it published additional facts quickly confirming the hack on Twitter. Uber asserts that no user data was compromised, and they informed law authorities, and that all of their services have been brought back up.
“Hi @here I announce I am a hacker and Uber has suffered a data breach” was the message that appeared in a channel on Uber’s Slack. After the message, the ride-share giant confirmed that it was responding to “a cybersecurity incident” in cooperation with law enforcement. An 18-year-old hacker reportedly took responsibility for the attack that hit the headlines and showed how significant users’ cyber security awareness has a role in defending the networks.
The Slack post included a number of Uber databases and cloud services that the cyber criminals claimed to have breached. Not only Slack, the company’s internal messaging service, but other internal systems were also inaccessible after the hack. Therefore, the hack did not only cause a data breach and a huge loss of reputation, business continuity was also severely damaged.
How did it happen?
A closer look at the incident will reveal that a familiar cause was behind the attack: Social engineering. Despite the huge security investments and the steps security teams took, cyber criminals have been able to breach the organizations’ computer networks by abusing the weakest part of the cyber security chain, the user.
The initial reaction from Uber after the incident seems to have been an effort to underestimate what had happened. The Uber spokesman said the attacker compromised a worker’s Slack account and that is how he was able to send a message to the Slack channel. However, it was just the tip of the iceberg. It appeared that the hacker was actually able to gain access to Uber source code, email, and other internal systems.
Although the incident is quite groundbreaking. The starting point of the attack is relatively simple. The attacker said that he had sent a text message to an Uber employee claiming to be a corporate information technology person. The worker was convinced to give his/her the password that allowed the hacker to gain access to the company’s networks. He targeted an individual employee and repeatedly sent him/her multifactor authentication login notifications. By doing this, the attacker made the employee think that there was a problem with log-in. Later, he contacted the same target on WhatsApp, pretending to be an Uber IT person and saying that the MFA notifications would stop once the target approved the login. A convincing scenario, isn’t it?
Social engineering has always been one of the strongest weapons of the cyber threat actors, and these types of attacks, which enable the attacker to gain a foothold, are on the rise. Attackers who executed the 2020 hack of Twitter also used social engineering to intrude into the company as well as the ones who breached Microsoft and Okta.
Phishing and spear phishing, two commonly used social engineering methods have continued to pose great risk to the organizations. Contacted by email, phone or messages including SMS, the targets are deceived to give sensitive, confidential and personal data (credit card details, passwords…) to the criminals who pose as legitimate institutions or people.
The phishing and social engineering tactics the hacker claimed to have used to breach the company are pretty similar to what a lot of red teamers, penetration testers have used to raise the cyber security awareness level of organizations. However, the recent huge hacks, including Uber, exhibit one more time that raising awareness does not necessarily mean maintaining awareness at a high level. The organizations’ employees should be trained frequently, and the level of awareness should be measured constantly. This is a non-stop engagement not a one-time effort.
How Keepnet Can Help You Against Social Engineering?
Keepnet’s Phishing Simulator is a cyber security program that allows organizations to send benign social engineering attacks that look real but are completely fake to their employees to test their users. Keepnet’s Phishing tests are designed to allow employees to detect phishing attacks and their variants and report them appropriately, and are also used to detect weak links and measure the effectiveness of security training programs.
The Phishing Simulation module is fully-integrated with our Awareness Educator to automatically place employees who are caught by our phishing simulations onto appropriate e-learning courses to improve their vigilance to genuine phishing attacks.
Different industries have utilized Keepnet Labs Phishing Simulator and Security Awareness Educator to achieve their specific goal to get protected from social engineering attacks.
Keepnet Labs focus on social engineering problem that many industries have been facing today, and provide a detailed step-by-step description of how their system is secured by Keepnet Labs security awareness modules.
Not the first, hopefully the last?
The last incident was not the first time that Uber’s data was stolen. In 2016, cyber criminals accessed 57 million driver and rider accounts and demanded Uber to pay $100,000 to delete their copy of the data. The company made the payment but kept the breach hidden for more than a year.
SHARE ON