
Picking up the wrong fare: Uber hit by cyberattack

Malicious attacks of this magnitude illustrate the need for businesses to extend their focus beyond just password best practices.

Uber drivers in the United States who had to accept ride requests before learning where they were headed will soon be seeing details of trips being sought along with the fares - Copyright AFP/File Logan Cyrus

Uber’s internal systems have been breached and many of the company’s vulnerability reports were stolen. The malicious attacker shared screenshots of what appears to be full access to many critical Uber IT systems, including the company’s Windows domain and security software.

The hacker also accessed the company’s Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server, to which the hacker posted messages.

The New York Times, which first reported on the breach, said the attacker breached Uber after performing a social engineering attack on an employee and stealing their password. The attacker then gained access to the company’s internal systems using the stolen credentials.

Looking into this issue for Digital Journal is Keith Neilson, Technical Evangelist at CloudSphere.

Neilson opens by explaining why a firm like Uber presents a prime target for criminal cyber-gangs: “High-profile enterprises entrusted with large volumes of sensitive customer data have a responsibility to establish strict guardrails around access management. For organizations today, basic password protection just isn’t enough to ensure proper identity access management and security of all cyber assets.”

There are consequences here for the business community to consider and act on, says Neilson: “Malicious attacks of this magnitude illustrate the need for businesses to extend their focus beyond just password best practices – they must prioritize secure access and next-generation authentication. Developing new and improved alternatives to password management begins with the implementation of a robust cyber asset management strategy.”

However, simply taking action can go awry if the action is inappropriate. This means special levels of security. Here Neilson states: “In the context of this incident, the most important thing to consider is that companies have no way of remediating what they cannot see. Given the multi-layer implications between data, assets, applications, and users, companies can only begin to enforce identity and password management policies when they secure full visibility of their attack surface.”

As to how this translates into measurable effect, Neilson opines: “Hence, the first step to an effective cyber asset management strategy is taking inventory of all cyber assets hosted within the company’s IT estate. Once all assets are accounted for, enterprises can adopt and enforce more advanced authentication methods and security guardrails. Without this integration, passwords will continue to be used as a fallback, leaving valuable data vulnerable to attacks.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
