What Uber’s Recent Security Breach Means to Your Organization
Incident Summary
In a story that has been covered widely, it’s been revealed that Uber suffered a major security breach as a result of a social engineering attack.
Utilizing leaked credentials, a threat actor, who claimed to be just 18 years old, was reportedly able to persuade an Uber employee to allow authentication to the VPN after identifying himself as a member of Uber’s corporate information technology team via a message on WhatsApp.
As a result of the initial access breach the attacker was able to access highly confidential internal systems and gain administrative control of Uber’s cloud services from Amazon Web Services and Google Cloud.
Thus far, because of the intrusion, Uber has had to shut down online access to its internal communication and engineering systems. Though the post-incident investigation is ongoing, experts note that there is no way for Uber to confirm specifically what data has been accessed or altered since the attackers had access to logging systems which would have allowed them to delete or alter access logs.
While the long-term impact of the breach is unclear, it’s worth noting that a previous more limited breach in 2016 resulted in a $148 million dollar settlement.
More Incident Information:
Uber Investigating Breach of Its Computer Systems
InnerCircle Client Guidance
This attack, as well as the recent string of incidents against other publicly traded companies such as Twilio, Cloudflare, Cisco, and LastPass, illustrates how social engineering continues to be a persistent problem for the world’s largest organizations. The weakest link exploited in this breach, an employee who doesn't carefully adhere to security protocols, can severely impact any sized organization, including yours. This is especially true in the new “work from anywhere” world - where employees are more vulnerable to tactics like social engineering.
While technical protections are important, the Uber attack underscores the importance of a holistic cyber security plan. Specifically, it highlights the importance of non-technical protections like employee awareness training. Regularly reviewing your organization’s employee awareness training program to confirm it properly addresses current threats as well ensuring that it’s appropriately scoped to the sophistication level of your employees is vital.
Continually emphasizing the importance of employing unique and strong passwords as well as careful authorization of multifactor authentication requests can save your organization from suffering a similar breach.
How We Can Help
As a trusted advisor we aim to protect our clients with layered defenses that include both technical tools as well as consultative assistance.
While requiring protections like strong passwords and multifactor authentication is important, it’s clear that a technical approach alone isn’t enough. If you are looking to be as prepared for an incident as possible, having a regularly reviewed and updated cyber security plan is key.
Here are 5 ways our team can help ensure your organization is as cyber ready as possible:
Identify Risk – Work to identify the top security threats to your organization
Review Defenses - Review your existing cyber security policies, procedures, and employee training requirements
Assess Maturity - Determine if your existing program adequately addresses your identified top security threats
Certify Compliance - Identify whether existing protections match security expectations and comply with industry regulations
Ensure Preparedness – Organize a formal Incident Response Plan (IRP) along with a testing schedule
Should you have questions about your organization’s posture or want to discuss opportunities for improvement please reach out to us. We are here to provide you with guidance as well as effective solutions needed to protect your organization from future attacks.