On Thursday September 15 Uber announced that they had been the victim of a hacker. Details are still unfolding, but initial reports suggest the hacker had complete access to almost all of Uber’s internal systems (https://www.wired.com/story/uber-hack-mfa-phishing/). This kind of announcement has, unfortunately, become quite common. Let’s look at how this happened (with what we know so far), some possible preventative measures, and why all this matters to you as a business owner or computer user.
The hack started with stolen credentials. The presumption is that the hacker purchased them on the dark web, but how did they wind up there? In most cases credentials are captured when a user falls for a phishing email, but they can also be guessed if you’re not using a strong, complex password. They could also have been exposed in another breach where the user had reused the same password across different accounts. Possible preventative measures here include security training for end users so they can recognize phishing emails, monitoring the dark web for credentials associated with your accounts, using strong and complex passwords, using a password manager to keep unique passwords across all accounts, and having breach alerts to let you know when a service is compromised so you can change those credentials.
After the hacker obtained the user’s credentials, he attempted to log in to Uber’s systems. Uber has multi-factor authentication (MFA) in place, which normally stops an unauthorized login attempt like this. Unfortunately, in this case the user fell victim to what is called “MFA fatigue”: the attacker repeatedly sent MFA requests to the user for almost an hour, then contacted the user claiming to be an Uber IT technician and told the user the prompts would stop if the user approved the login attempt. Possible preventative measures at this point would be educating users about MFA, about abnormal behavior such as repeated prompts over the course of an hour, and about the proper communication channels between themselves and IT/technology support personnel.
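The repeated-prompt pattern described above is also something an IT team can watch for on the back end. The following is an added example (not from the original post, and not Uber's or any MFA vendor's code) that runs over a small constructed push-notification log, flags any user who received several unapproved prompts inside an hour, and notes whether an approval followed that burst; the log format, the one-hour window and the threshold of five are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log: "timestamp,user,result" per line.
# One user ("jdoe") is hammered with prompts and finally approves one;
# the other ("asmith") shows an ordinary single retry.
SAMPLE_LOG = """\
2022-09-15T22:01:10,jdoe,denied
2022-09-15T22:05:00,asmith,denied
2022-09-15T22:06:15,asmith,approved
2022-09-15T22:09:42,jdoe,timeout
2022-09-15T22:18:03,jdoe,denied
2022-09-15T22:27:55,jdoe,timeout
2022-09-15T22:36:20,jdoe,denied
2022-09-15T22:44:49,jdoe,denied
2022-09-15T22:58:05,jdoe,approved
"""

WINDOW = timedelta(hours=1)   # assumed: how long a burst of prompts is tracked
THRESHOLD = 5                 # assumed: unapproved prompts in WINDOW that trigger an alert


def parse_events(text):
    """Parse the log into (timestamp, user, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), user, result))
    return sorted(events)


def detect_mfa_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: {"unapproved": n, "approved_after_burst": bool}} for every
    user who received `threshold` or more denied/timed-out prompts within `window`.
    An approval arriving shortly after such a burst is the signature of a
    successful fatigue attack and should be treated as an incident, not a login."""
    recent = defaultdict(list)   # user -> timestamps of unapproved prompts still in window
    alerts = {}
    for ts, user, result in events:
        if result in ("denied", "timeout"):
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                entry = alerts.setdefault(user, {"unapproved": 0, "approved_after_burst": False})
                entry["unapproved"] = max(entry["unapproved"], len(recent[user]))
        elif result == "approved" and user in alerts and recent[user] and ts - recent[user][-1] <= window:
            alerts[user]["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, info in detect_mfa_fatigue(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {info['unapproved']} unapproved prompts, "
              f"approved afterwards: {info['approved_after_burst']}")
```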
Once the attacker had gained access to Uber’s systems by obtaining credentials and tricking the user into approving the login attempt, several other factors allowed the attacker to compromise Uber’s internal systems almost completely. Administrative credentials stored in file shares or hard-coded into scripts, and the compromise of management systems that had access to multiple other internal systems and databases, all played a role.
What does all that mean for you as a business owner or a computer user? It means that something as simple as stolen credentials and a text message can lead to your business being hacked. There are steps you can take to mitigate the risk of that happening, as mentioned above. It can all seem overwhelming, but the key is to start with small steps and to keep going. It’s an ongoing, ever-evolving process, but having a good technology partner can make it smoother.
Do you want to have a deeper discussion about this? You can contact us here: https://bit.ly/CBTech-contact.
Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips
For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n