We all make assumptions about big businesses–big money, big teams, big investments. Our general belief is large companies have infrastructure and security protections. So, when a big name like Uber gets attacked, it rocks our world. If Uber can suffer a cybersecurity breach, then any company of any size or scope is vulnerable to an attack, right? While this is somewhat true, in this blog, we’ll look at how and why Uber was attacked and what your business can do to protect yourself from a cybersecurity attack.
How Did the Uber Attack Happen?
Essentially, a malicious actor sent an Uber employee a text message and was able to convince that employee that he was a corporate information technology personnel and needed password access. The Uber employee gave up the password and verified the two-factor authentication that was in place, thinking the hacker was an IT person. This allowed the hacker to bypass MFA protections and gain access to Uber’s network.
With MFA bypassed, the hacker moved to breach high-level credentials allowing him access to network file shares, corporate Endpoint Detection and Response (EDR) console, and Uber’s Slack messaging interface.
Ultimately, the hacker gained access to multiple internal systems, including administrative access to Uber’s cloud services, Amazon Web Services (AWS), and Google Cloud (GCP).
Since the attack, Uber shut down internal operations while they investigated the attack. This included employee communication on their internal messaging platform, Slack.
The Importance of Two-Factor Authentication
While the headline here could be that a motivated hacker bypassed two-factor authentication, this would be a false pretense. It’s important to note the hacker was stopped by two-factor authentication, at which point the victim employee offered verification.
There are a couple of key lessons here.
- First is the importance of multi-factor authentication. MFA is as sure a way as any to keep your information safe. Use MFA on every personal and business account for maximum security.
- Second is the importance of verifying the source when sensitive information (i.e., passwords) is requested. The big mistake here was the Uber employee did not verify that the person requesting password access was, in fact, a verified Uber employee or third-party administrator. Failure to confirm this ultimately resulted in a breach. Sharing passwords, whether with a third-party administrator or a fellow employee, is never advised.
Invest in Cybersecurity for Your Business
It’s likely your business doesn’t have the budget of Uber, but it is no less important to invest in cybersecurity protections for your business. With the right team of qualified IT professionals, your business can avoid common cybersecurity mistakes, and create a preventative plan that protects the specific vulnerabilities of your industry and business operations.
Whether you’re looking for managed IT services or support, consulting, or technical recommendations, we’re here for you. Our team of knowledgeable experts will solve your problems and send you on your way to better IT health. Schedule a free IT assessment with a team member at Clarity Technology Group today.