Uber has suffered yet another high-profile data leak that exposed sensitive employee and company data. This time, attackers breached the company by compromising an Amazon Web Services (AWS) cloud server used by a third party that provides Uber with asset management and tracking services.
The incident occurred over the weekend, when a threat actor named “UberLeaks” began posting data they claimed was stolen from Uber and Uber Eats. The data turned up on the BreachForums hacking forum, the successor of the now-defunct RaidForums, media outlets reported, and included employee email addresses, corporate reports, and IT asset information.
Hackers posted various archives that they said are source code related to a number of mobile device management (MDM) platforms used by Uber, as well as by Uber Eats and third-party vendor services, according to reports. While no user data appears to have been compromised in the breach, which appears to have exclusively affected corporate assets, the personal information of 77,000 Uber employees was leaked.
Hacker Breaches Teqtivity AWS Server
Uber acknowledged the incident and pointed the media to a breach notification by a company called Teqtivity, which it uses for asset management and tracking services.
Teqtivity explained that “customer data was compromised” due to “unauthorized access” to the company’s systems by “a malicious third party,” according to Teqtivity’s release. Specifically, attackers gained access to the company’s AWS backup server, which houses code and data files related to Teqtivity customers, the company said.
It is unclear if that access was due to a misconfiguration of the cloud bucket, or if an actual compromise was responsible.
Data exposed by the attack included information housed on various Uber employees’ IT devices, including serial number, make, model, and technical specifications, as well as employee information, including first and last names, work email addresses, and work location details, according to Teqtivity.
Teqtivity has notified affected customers and is currently investigating as well as working to contain the incident, according to the notification. It is unclear if the breach affects other companies beyond Uber.
Ongoing Security Issues
This latest incident is by no means Uber’s first rodeo when it comes to data breaches, as the company has experienced several highly publicized incidents over the past several years that have had significant ramifications for the company.
In fact, a previous third-party breach that occurred in 2016 and exposed the data of some 57 million customers and drivers was an absolute public-relations nightmare for Uber, the effects of which are still being felt.
That incident, in which attackers also gained access to Uber data stored in third-party cloud storage, resulted in the firing of its now-former CISO Joe Sullivan after it was discovered that the company engaged in a cover-up of the incident. Sullivan was even found guilty in federal court on charges related to the incident in October.
Uber also experienced a significant breach in September and was forced to take some of its operations offline due to the compromise of its own internal systems, when an attacker socially engineered his way into an employee’s VPN account before pivoting deeper into the network.
Is the Lapsus$ Gang Responsible for the Uber Breach?
While no particular threat group has claimed responsibility or has yet been found to be the guilty party behind the latest breach, there are some preliminary clues that tie the incident to the well-known cybercriminal extortion group Lapsus$.
The post on BreachForums about the Uber leak reportedly mentions the threat group, while Lapsus$ is believed to be responsible for the Uber September breach as well, Robert Ames, threat researcher from SecurityScorecard, tells Dark Reading.
Ames also notes the responsibility of Lapsus$ for a January incident at Okta, another “major third-party service for many companies,” as a potential clue that the threat group could also be at play here. That incident was determined to have affected about 366 Okta customers, the company acknowledged.
Lapsus$ went quiet around July after a spate of incidents earlier in the year including not only the one against Okta, but also attacks on Microsoft and Nvidia. Its responsibility for the September attack on Uber could be a sign of another flurry of activity from the threat group, experts say.
Time to Address Third-Party and Cloud Cybersecurity Risk
No matter who’s responsible, the latest Uber incident, like the one in 2016, once again highlights the third-party risk that all enterprises face when partner companies are responsible for or have access to corporate data and assets, security experts say.
A core issue is that many organizations do not secure third-party access to internal data in the same way they secure it within the organization's IT assets, which leaves that data unnecessarily exposed to external threats, Ames says.
“Vendors and other third parties are often granted the same access as employees but with fewer security measures, making them a weak link and therefore a popular target for threat actors,” he says. “When hackers access a third party’s systems, they can access whatever data that system stores, even if it belongs to other organizations.”
Indeed, this is an issue not unique to Uber, but one that demonstrates that “companies everywhere must better prioritize their cybersecurity measures,” especially when it comes to third parties, Stephan Chenette, co-founder and CTO at AttackIQ, says.
Some ways companies can do this include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent, and respond to these threats, he says.
“They should also continuously evaluate their existing security controls to uncover gaps before a hacker finds and exploits any weaknesses,” Chenette says.
Enterprises also should be continuously monitoring their specific third-party cybersecurity posture to reduce the risk of attacks, Ames says. This can help give them a more complete picture of their overall attack surface as they seek ways to gain visibility into potential and existing vulnerabilities.
Ames adds that participating in tabletop exercises and threat emulation to ensure that security administrators and employees alike are accustomed to countering and responding to threat actors also can help organizations better respond to third-party threats.