Freely subscribe to our NEWSLETTER

“Big digital businesses like Uber are valuable targets for cyber attacks because of the vast amount of sensitive customer data that they hold which hackers can monetize. Whilst not confirmed, there’s a high chance that hackers have extracted data such as credit card details and payroll information. From initial analysis, it looks like the data of both drivers and customers has been compromised.

This is another example of a relatively simple attack causing a big incident and potentially huge reputational damage for the victim organisation. The attacker social engineered an employee to gain access to the network via VPN. Once in, they were able to find hard coded passwords in scripts and then used them to infiltrate several parts of the network. This includes gaining access to their admin management tools as well as several databases. This raises some red flags. One is that a single hard coded password has been used to access their privileged access management (PAM) system, giving access to any area of the IT environment that links to it. Another issue is that two factor authentication appears not to have been used on the VPN otherwise the credentials alone would not have granted access. It can be particularly dangerous when attackers enter a network with a valid password like this because it’s difficult to distinguish their movements from legitimate user activity.

This should serve as a reminder that having high levels of cyber hygiene can help prevent the more straightforward attack methods from being successful. As part of this effort, IT teams need to know where their most sensitive data sits at all times in order to effectively protect it. Having full visibility of the corporate network to identify devices that may have been compromised and then fix them quickly is also vital.”