27 September 2022
Recently Uber, the ride-sharing company, was breached “..to the core” (https://www.infoq.com/news/2022/09/Uber-breach-mfa-fatigue/ and https://blog.avast.com/uber-hack). This follows a similar breach the company suffered in 2016. What’s interesting to me were two things: 1) the social engineering used to gain initial access and, more critically, 2) the file with the elevated passwords.
Social engineering is still an effective way to gain access to a company’s network. Consider the rise of MFA fatigue attacks (https://arcticwolf.com/resources/blog/growing-risk-of-mfa-fatigue-attacks/#:~:text=MFA%20fatigue%20refers%20to%20the,brute%20forcing%2C%20or%20password%20spraying), in which the attacker already holds a valid password and simply floods the user with push prompts until one gets approved. Let’s face it, the weak link is the human factor, and that is difficult to contain because human behaviour varies. You can train and train folks and things still happen.
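To make the MFA fatigue problem concrete, here is an added example (mine, not code from the original post or from Uber) of the detection logic a SOC can run over identity-provider push logs: it flags a burst of denied or timed-out prompts against one account, and separately flags an approval that arrives on the heels of such a burst. The log line format, the user names and the thresholds are constructed for the example and are not any vendor's real schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real Uber data). The "timestamp user result"
# line format is hypothetical; map your IdP's real field names onto it.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice push_denied
2022-09-15T22:01:41Z alice push_denied
2022-09-15T22:02:20Z alice push_timeout
2022-09-15T22:03:05Z alice push_denied
2022-09-15T22:03:52Z alice push_denied
2022-09-15T22:04:30Z alice push_approved
2022-09-15T22:10:00Z bob push_approved
2022-09-15T23:15:00Z carol push_denied
2022-09-15T23:40:00Z carol push_approved
"""

NOT_APPROVED = {"push_denied", "push_timeout"}


def parse_log(text):
    """Parse 'timestamp user result' lines into (datetime, user, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return sorted(events)


def detect_mfa_fatigue(text, window=timedelta(minutes=10), threshold=3):
    """Flag users who receive `threshold` or more denied/timed-out pushes inside
    `window`, and, separately, an approval that follows such a burst.

    A burst on its own means someone is hammering the user with prompts (so the
    password is already compromised). An approval after a burst is the fatigue
    attack succeeding and should page someone.
    """
    by_user = defaultdict(list)
    for ts, user, result in parse_log(text):
        by_user[user].append((ts, result))

    findings = []
    for user, events in by_user.items():
        recent = []  # timestamps of not-approved pushes still inside the sliding window
        for ts, result in events:
            recent = [t for t in recent if ts - t <= window]
            if result in NOT_APPROVED:
                recent.append(ts)
                if len(recent) == threshold:  # report once, when the burst first crosses the line
                    findings.append({"user": user, "at": ts, "kind": "push_burst", "count": len(recent)})
            elif result == "push_approved":
                if len(recent) >= threshold:
                    findings.append({"user": user, "at": ts, "kind": "approval_after_burst", "count": len(recent)})
                recent = []  # an approval (legitimate or not) resets the user's window
    return findings


if __name__ == "__main__":
    for f in detect_mfa_fatigue(SAMPLE_LOG):
        print(f"{f['at'].isoformat()} {f['user']}: {f['kind']} ({f['count']} unanswered pushes)")
```

Number matching and a cap on consecutive prompts are the preventive controls; detection like this is the backstop for when a tired user eventually taps approve, and the burst finding on its own tells you the account's password is already in the attacker's hands before any approval happens.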
Defense in depth (https://www.fortinet.com/resources/cyberglossary/defense-in-depth#:~:text=Defense%20in%20depth%20is%20a,are%20stopped%20along%20the%20way.) and Zero Trust architectures (https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) are designs meant to keep protecting even when one layer, such as the human one, fails to stop the attacker.
The main issue to watch in this one is among the hardest to defend against: people. The attacker started with the credentials of a regular, run-of-the-mill account, obtained through social engineering. On its own that should not have been catastrophic. But someone had saved a “pot of gold”: an under-protected file containing credentials for a privileged account, reachable from that ordinary account.
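The “pot of gold” is something you can go looking for before an attacker does. The following is an added example, not the original post's or Uber's code, of a minimal hardcoded-credential scanner run over a constructed sample PowerShell script of the kind that accumulates on shared drives. The script, its hostnames and its credentials are invented for the example, and the three patterns are a starting point rather than a complete rule set.

```python
import re

# Constructed sample script (hypothetical, not Uber's actual file): the kind of
# "helpful" automation that ends up on a shared drive with credentials baked in.
SAMPLE_SCRIPT = """\
# Nightly job that talks to the PAM server (constructed sample)
$PamUrl = "https://pam.example.internal"
$AdminUser = "svc_pam_admin"
$AdminPassword = "Winter2022!"
$Secure = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force
$ApiToken = $env:PAM_API_TOKEN
$DbUrl = "postgres://reporting:Rep0rtPw@db.example.internal/metrics"
Invoke-RestMethod -Uri "$PamUrl/api/rotate" -Headers @{ Authorization = "Bearer $ApiToken" }
"""

# Each pattern captures the secret itself in group 1 so the report can redact it.
PATTERNS = {
    # a name containing password/secret/token/apikey assigned a quoted literal
    # (a value pulled from $env: or a variable has no quote after '=' and is not flagged)
    "assignment": re.compile(
        r"""(?i)\w*(?:password|passwd|pwd|secret|token|api_?key)\w*\s*=\s*["']([^"']{4,})["']"""
    ),
    # PowerShell idiom for turning a plaintext literal into a credential object
    "securestring": re.compile(
        r"""(?i)ConvertTo-SecureString\s+["']([^"']+)["']\s+-AsPlainText"""
    ),
    # user:password@host embedded in a connection URL
    "url_creds": re.compile(
        r"""(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@"']+:([^\s@"']+)@"""
    ),
}


def scan_for_secrets(text):
    """Return one finding per matching line: line number, pattern name, and the
    line with the secret replaced by ****, so the report itself is safe to share."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                redacted = line[:m.start(1)] + "****" + line[m.end(1):]
                findings.append({"line": lineno, "kind": kind, "redacted": redacted.strip()})
                break  # one finding per line is enough for triage
    return findings


if __name__ == "__main__":
    for f in scan_for_secrets(SAMPLE_SCRIPT):
        print(f"line {f['line']:>3} [{f['kind']}] {f['redacted']}")
```

Run the same function over every script and config on your file shares and repositories, and treat each hit as a credential to rotate, not just a line to delete: once a secret has sat on a share, assume it has been read.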
If you’d like to check if you’ve been exposed in this or any other breach, check out https://haveibeenpwned.com/