A new cyberattack has hit a technology company, in this case Uber. As the company warned through its Twitter account on Thursday, September 15, the authorities are working to determine the scope of the cybersecurity problem.
ESET, a company specializing in cybersecurity, notes that the company was the victim of abusive access to some of its systems, and that the attacker sent researchers and media outlets such as The New York Times (NYT) screenshots of email, cloud storage services and code repositories to prove that he had access to the systems.
According to what the attacker told the media, to gain access to Uber’s systems he first tricked an employee through social engineering, gained access to his VPN, and then analyzed the intranet.
The alleged attacker is reportedly barely of legal age
As reported by NYT reporter Kevin Roose, a person who claimed responsibility for the Uber attack contacted the media and said he was 18 years old and that he carried out the attack because of the lack of security.
ESET’s Vice revealed that the attacker first stole the login credentials of an Uber associate. He then sent the employee a series of push notifications within an hour, asking him to accept or decline the login attempt.
Although the Uber employee did not approve these login attempts, the attacker contacted the employee on WhatsApp, claiming to be an Uber IT expert and telling him that to stop the push notifications he had to accept.
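The pattern described above, a run of rejected push prompts within an hour followed by an approval, can be expressed as a detection rule over MFA logs. The following Python is an added example, not code from ESET, Uber or the original article; the event format, the threshold of five and the sample log lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # the article describes the pushes arriving within an hour
THRESHOLD = 5                # assumed tuning value: rejected pushes before alerting

# Constructed sample events (timestamp, user, push result); not real logs.
SAMPLE_EVENTS = [
    ("2022-09-15T09:00:00", "bob", "denied"),      # one mistaken prompt, then a normal login
    ("2022-09-15T09:00:40", "bob", "approved"),
    ("2022-09-15T08:00:00", "carol", "timeout"),   # timeouts scattered across the day
    ("2022-09-15T08:30:00", "carol", "timeout"),
    ("2022-09-15T14:00:00", "carol", "timeout"),
    ("2022-09-15T14:10:00", "carol", "timeout"),
    ("2022-09-15T14:20:00", "carol", "timeout"),
    ("2022-09-15T18:02:10", "alice", "denied"),    # burst of rejected prompts...
    ("2022-09-15T18:05:41", "alice", "timeout"),
    ("2022-09-15T18:11:03", "alice", "denied"),
    ("2022-09-15T18:19:27", "alice", "timeout"),
    ("2022-09-15T18:26:50", "alice", "denied"),
    ("2022-09-15T18:38:12", "alice", "denied"),
    ("2022-09-15T18:47:30", "alice", "approved"),  # ...followed by an approval
]

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, timestamp, kind, rejected_pushes_in_window)."""
    recent = defaultdict(deque)  # user -> times of rejected pushes still in the window
    alerts = []
    for ts, user, result in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        q = recent[user]
        while q and when - q[0] > window:    # drop rejections older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(when)
            if len(q) == threshold:          # alert once when the burst is reached
                alerts.append((user, ts, "push_burst", len(q)))
        elif result == "approved":
            if len(q) >= threshold:          # approval right after a burst: high severity
                alerts.append((user, ts, "approved_after_burst", len(q)))
            q.clear()                        # a successful login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The `approved_after_burst` alert is the one that warrants revoking the session and contacting the user through a separate channel, since it matches a prompt accepted under pressure rather than a deliberate login.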
How they accessed the data and which sections of Uber were affected
The researcher Sam Curry is said to have exchanged messages with the person claiming responsibility for the attack, who sent him screenshots to prove that he had full access to an important part of Uber’s technology infrastructure, such as:
– Access to the account manager account;
– Amazon Web Service server;
– HackerOne dashboard with vulnerability reports;
– Slack channel;
– Access to vSphere (VMware’s cloud computing virtualization platform);
– Access to the Google Suite administrator account.
Meanwhile, people who work at Uber were told not to use the instant messaging app Slack, which was later discontinued.
Apparently there is a network share that contains PowerShell scripts. One of these scripts contains the credentials of a user with administrator rights for Thycotic's PAM (privileged access management) solution, which is used to obtain administrative privileges. From there, the attacker would have found a way to access the other services.
It is not the first breach Uber has suffered
Back in 2016, the technology company suffered an attack in which the data of 57 million users around the world was compromised. This was, in fact, quite a controversial affair: Uber did not report that its security had been compromised until 5 years later.
This adds to the well-known Uber Papers, in which a manager made public hundreds of company messages and data that compromised institutions and politicians from all over the planet. Clearly, 2022 is not the year of security for the company.