Posted on September 17, 2022 at 7:35 PM
Ride-hailing service Uber has become the latest victim of a cyberattack, which has forced several critical systems offline. According to the report, the incident was the result of a social engineering attack by a teenage hacktivist on one of Uber’s employees.
The incident was discovered on Thursday when the individual who claimed responsibility for the attack shared screengrabs showing details of the Uber breach with security researchers.
The breach has also been confirmed by Uber’s communications team via Twitter on Friday, September 16. The team said it is responding to a cybersecurity incident, and more information will be shared as it becomes available. They also confirmed that law enforcement has been informed about the incident. No additional details about the situation have been provided as of press time.
A “Total Compromise” Of The Majority Of The Systems
Security engineer at Yuga Labs, Sam Curry, was among those the hacker contacted. He described the incident as a “total compromise” as the threat actor seemed to have accessed the majority of the company’s systems. The threat actor also told reporters that they breached Uber after successfully compromising an employee’s network access. They sent the victim text messages to gain their credentials while posing as an internal IT admin.
After initially compromising the network through the employee’s network access, they appeared to establish persistence and, after successfully scanning the company’s network, gained access to the majority of the firm’s internal resources.
The hacker then gained a strong presence within the network after accessing a PowerShell script that contained privileged credentials for an admin user of Thycotic. This gave the threat actor more access to multiple services on the platform.
The Hackers Accessed Several Systems
Windows, VMware, Slack, OneLogin, GSuite, Duo, and Amazon Web Services are among the systems that were compromised by the hacker. The attacker also had access to data from Uber’s HackerOne bug bounty program. This could be highly sensitive for the company if it contains information about unpatched or undisclosed bugs in its application.
The threat actor also used Slack to send messages to Uber employees that listed the breached documents, and posted pornographic imagery on an intranet page. The threat actor who claimed responsibility for the attack also claimed to be 18 years old and to have only been testing their skills. The hacker said the attack aimed to create awareness and advocate for better pay for Uber drivers.
There is no information as to whether or not the threat actor had access to Uber customers’ or employees’ data. However, considering that they had access to the majority of the systems, there is a high possibility that those files would have been accessed as well.
In 2016, Uber had a hacking incident where 57 million user accounts were exposed. Uber was slammed with a $150 million fine for covering up the breach. Joe Sullivan, who was the company’s chief security officer at the time, is currently facing criminal charges over that incident.
The Lapsus$ Hacking Group Also Has Several Teenage Members
The alleged involvement of a teenager in the recent attack also brings to mind other recent attacks that were perpetrated by the Lapsus$ ransomware group. The hacking group used a similar approach, exploiting vulnerabilities in multifactor authentication (MFA) to breach the accounts of their victims.
While there is no evidence to suggest that the hacker is part of the Lapsus$ hacking syndicate, several of the gang’s members, who were recently caught, turned out to be teenagers.
More Teenagers Are Now Involved In Cyber Crime
A recent study carried out for the upcoming International Cyber Expo in London revealed that more teenagers are joining cybercriminal gangs. This trend could even be exacerbated if the cost-of-living crisis continues. A similar trend was also observed during the massive lay-offs at the peak of the COVID-19 lockdowns. The study revealed that 40% of the parents were worried that their children could take to cybercrime.
This worry is also compounded as hacking tools keep getting cheaper. It is now easier for people to set up a hacking system or buy tools from the dark web than before. As a result, the world of cybercrime has expanded and accommodated even those who may not have the financial strength.
Today, more inexperienced people are involved in hacking incidents because they can easily get the tools they need on the dark net at an affordable price, according to Simon Newman, Chief Executive Officer of the Cyber Resilience Center for London.