According to various sources, transport company Uber has suffered a massive breach by an alleged teenage hacker, resulting in a $2 Billion valuation loss overnight.
As evidence, the attacker published several alarming screenshots of Uber's administrative systems including their AWS, Slack and vSphere services.
Sources claim the teenage hacker first acquired a telephone number for an Uber employee and performed a phishing attack, sending a link over SMS. Fortunately, Uber used multi-factor authentication (MFA) in their systems, the credentials alone were not enough for the attacker to log in.
However, the attacker successfully used a simple tactic known as "MFA Fatigue" which involves spamming the target with MFA notifications until they feel harassed enough to accept the prompt.
The hacker then leveraged this account to access Uber's corporate VPN, leading to the discovery of sensitive internal file shares. One of these shares hosted a PowerShell script containing hardcoded Thycotic admin credentials.
The password allowed the hacker to access various admin services, such as AWS, Slack and vSphere; ultimately achieving domain admin privileges in the organisation. From this position, the attacker could have performed a range of permanently damaging actions against Uber as a business.
Although the details of the attack are still unfolding, the attack already serves as a reminder that reported 'sophisticated' cyber-attacks are often in name only, with only a few non-technical hurdles in the way to compromise a tech giant. Although, storing privileged credentials in widely accessible network shares is never a good idea...
The incident highlights the importance of continuous awareness training, penetration testing and security best practices. A real-world example demonstrating how humans are always the weakest link in the security model.
If you have any questions about this news article, please contact Ben Shaw.