Uber Cyber Attack - A Case Investigation

Uber Cyber Attack

The breach happened when hackers attacked the company's security systems, taking communications and engineering systems offline. A hacker got access to an employee's Slack login and used it to contact other Uber personnel and inform them about a data breach. Although the company faced several issues because of this attack, users' data wasn't at risk. It took time to restore everything and inform all the relevant institutions. The Uber cybersecurity department reacted well and prevented a possible disaster.

The hacker probably belongs to the Lapsus$ hacking group, but the investigation hasn't given us a definite answer yet. At least we know how he was able to get access to the system. An Uber contractor was flooded with two-factor authentication login requests. Most of them were ignored until one was accepted, which granted access. That was enough to give the intruder an opportunity to control every computer system. It wasn't a problem to get access to Uber's Google Workspace accounts and Amazon Web Services. We can only imagine how much data became available to the hacker at that moment.
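The pattern described above, a burst of two-factor prompts that go unanswered until one is finally approved, leaves a recognizable trace in authentication logs. The following Python is an added example, not code from Uber or from this article; the event format, user names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, MFA push result).
SAMPLE_EVENTS = [
    ("2024-01-10T18:00:05", "contractor1", "ignored"),
    ("2024-01-10T18:01:10", "contractor1", "ignored"),
    ("2024-01-10T18:02:30", "contractor1", "denied"),
    ("2024-01-10T18:03:45", "contractor1", "ignored"),
    ("2024-01-10T18:05:00", "contractor1", "ignored"),
    ("2024-01-10T18:06:20", "contractor1", "ignored"),
    ("2024-01-10T18:08:00", "contractor1", "approved"),  # burst, then approval
    ("2024-01-10T09:00:00", "alice", "denied"),           # one mistake, then OK
    ("2024-01-10T09:00:40", "alice", "approved"),
    ("2024-01-10T10:00:00", "bob", "ignored"), ("2024-01-10T10:30:00", "bob", "ignored"),
    ("2024-01-10T11:00:00", "bob", "ignored"), ("2024-01-10T11:30:00", "bob", "ignored"),
    ("2024-01-10T12:00:00", "bob", "ignored"), ("2024-01-10T12:01:00", "bob", "approved"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_UNANSWERED = 5              # assumed number of ignored/denied prompts


def detect_push_fatigue(events, window=WINDOW, min_unanswered=MIN_UNANSWERED):
    """Flag approvals that follow a burst of ignored or denied MFA prompts."""
    recent = defaultdict(deque)  # user -> timestamps of unanswered prompts
    alerts = []
    for ts_text, user, result in sorted(events):  # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        while q and ts - q[0] > window:  # forget prompts outside the window
            q.popleft()
        if result in ("ignored", "denied"):
            q.append(ts)
        elif result == "approved":
            if len(q) >= min_unanswered:
                alerts.append({"user": user, "approved_at": ts_text,
                               "unanswered_before": len(q),
                               "burst_started": q[0].isoformat()})
            q.clear()  # an approval ends the current burst
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```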

What is Uber's Cyber Attack Based On?

The main technique that was used is called social engineering. It relies on manipulating a user into making a mistake and, as a result, giving up access to private information, including passwords, emails, logins, and other valuables. Social engineering is very popular in the IT industry, especially when criminals introduce themselves as employers, managers of unknown companies, etc. Their main goal is to force people to make a mistake and hand over personal data or even money. If the aim is to get inside a system, the data is what they are after. As with the Uber cyber breach, it could happen to any organization or platform if the hacker knows where to start.

The most popular type of social engineering is called pretexting. The main idea is to create a fake scenario or put a person into a situation where they have to share personal information. For example, a stranger texts you and introduces himself as a technical support team member. He informs you that your profile was attacked and that, to avoid a leak of information, he needs your login. Strange, right? Why would someone from technical support ask you for your info when no one else does? The element of surprise makes the request look strange, but people usually don't react to that and do everything the hackers want.

The Uber cyber attack was a slightly different situation because the hacker spammed the contractor and one of the requests was approved. However, in most cases scammers and attackers expect people to make a mistake. If you haven't faced such situations before and want to prevent a possible attack, follow these tips to protect yourself. A simple piece of advice could save you from serious trouble, so be attentive.

Was Uber Hacked?

It was. Fortunately, developers and cyber security controllers reacted well and prevented a huge leak of information. Moreover, it was a signal for developers to increase Uber's cybersecurity. Below are the main changes:

  • Re-authentication for employees when restoring access to the internal tools.
  • Blockage of all compromised or potentially compromised accounts to deny access to Uber's system.
  • Key rotation for internal services, which means that access was reset.
  • Additional monitoring of the whole environment to track any suspicious activity.

It’s only a part of the measures that were taken after the cyber attack. Specialists did a lot to increase the security level and make the whole system work much better.

Summing Up

The Uber cyber attack shows the importance of cyber security. No matter how good your protocols may be, they require updates and regular checks. We haven't mentioned the hundreds of other small attacks on websites and organizations worldwide, but they all show developers what they should be prepared for. If you feel you need to elevate your cyber defenses to a higher level, consider the IBM Security QRadar platform, which has a full range of tools to defend your business against internal and external threats. MBS Tech specialists will discuss with you a full spectrum of services and solutions that will make you feel confident about your security. Have any questions about cyber security? Give us a call!


