While details of Uber’s recent breach continue to unfold, the general narrative of this attack is already becoming clear. Companies tend to hide details about how they have been breached, and Uber is no different. Interestingly, however, the hacker who carried out the attack provided detailed information on the turn of events, as published by SC Media. Every cyber attack has a story to tell, including this latest one against Uber. Let’s look at what happened, the sequence of events (the kill chain) that led to the attack’s dire outcome, and, most importantly, what we can learn from it to better protect our corporate networks.
The road leading to the breach
It all started, as many breaches do, with a phishing attack aimed at gaining Uber employee credentials. Once the hacker obtained the credentials, he used them to access the corporate VPN and gain access to Uber’s internal network. Roaming freely within the network, the hacker was able to locate script files containing admin-level credentials, which were then used to access numerous Uber systems containing sensitive information.
What went wrong and what can we learn from it?
Let’s look at the flow of events to see how this attack could have been prevented:
Corporate users and networks are at constant risk of being targeted by malicious actors. As hacking techniques become more sophisticated and breaches become more devastating, companies should always look for ways to improve their security posture. A good start is to better educate employees about the cybersecurity risks lurking around them, to adopt improved security best practices, and to implement advanced security tools that help prevent, detect and mitigate cybersecurity risks.
Book a demo with Perimeter 81 today to see ZTNA in action.