On September 15, 2022, Uber reported that they were responding to a cybersecurity incident. That incident, as we later found out, was a security breach of Uber’s entire IT infrastructure.

A hacker, an unknown 18-year-old, posted screenshots of the company’s financial and admin dashboards, proving he was successful.

He spoke with journalists about how he compromised Uber the following day.

Below is each key moment of the hacker’s attack.

1 – Social Engineering

The hacker’s first move was to gain access to the company’s internal network.

He started his attack by sending authentication requests to his target for over an hour.

But the contractor wouldn’t tap on the notification.

Deciding to contact the user via WhatsApp. The hack Impersonated Uber IT and told the contractor to push the notification.

The contractor fell for the impersonation and granted the hacker access.

Lesson:

Educating yourself about social engineering will mitigate attempts from hackers. Learn what applications and protocols your company uses to communicate. Doing so you will notice anything abnormal/strange and can respond.

2 – Privilege Access Management

Once the hacker gained access, he then was able to add his device to the company VPN. This allowed him to scan the company’s internal network for any information.

While scanning the network, the hacker discovered a network share.

This network share housed a PowerShell script containing admin credentials for Thycotic (PAM).

The hacker then had access to all of Uber’s services, DA, G Suite, and AWS.

Lesson:

According to the NIST, no user should be given enough privileges to misuse the system on their own.

Avoid giving one credential access to all of the solutions in your environment. By distributing the access, you force your attacker to work harder and waste time. Giving you more time to respond.

3 – Multi-Factor Authentication

When the hacker found the admin credentials, it was game over for Uber. He could now access anything in the company’s digital environment.

The hacker decided to take a look around. He went from application to application taking screenshots of the company’s data.

After looking around, the hacker announces himself to the company through Slack.

According to the hacker in a later report on why he targeted Uber, he said that it was for “fun”.

Lesson:

Note that the hacker was able to access all of Uber’s services with only a username and password. This is a massive security mishap.

By not implementing multi-factor authentication you allow hackers easier access to your application. Whenever possible, always put in place multi-factor authentication.

Conclusion:

There are about 2,200 attempted attacks every day.

Implementing basic cyber security principles is non-negotiable.

We continue to give more and more sensitive information to companies like Uber. Giving plenty of motivation to hackers who aren’t doing it for “fun”.

But by continuing to analyze how these attacks happen, we can prepare.