THE Uber suffered a hacker attack last Thursday (15). Initially, the employees treated the action as a joke, but the situation, in fact, is far from it. In a statement, the company pointed out the group lapse $ as one of the likely culprits.
“We believe that this agent (or agents) are linked to a hacking group called Lapsus$, which has been gradually increasing its activity over the past year or so,” the text reads. “The group often uses similar techniques, targeting tech companies. Only in 2022 did he invade MicrosoftCisco, Samsung, Nvidia and Okta, among others.”
In addition to the attacks listed by Uber, an episode involving Lapsus$ was notable for us Brazilians. At the end of 2021, the systems of the Ministry of Health were invaded, which prevented the issuance of vaccination certificates by the ConectSUS application. The group claimed responsibility for the attack.
Uber says it works with digital investigation companies, the FBI and the US Department of Justice to find out who was responsible for the hack.
In addition, the company says it took some steps in response to the attack, such as blocking employee accounts that may have been compromised, disabling potentially affected internal tools, resetting access to internal services, and blocking access to the codebase.
Uber employees thought it was a joke
The invasion took place on Thursday (15). The attacker sent a message on the company’s Slack. The employees, however, thought it was a joke and reacted with funny emojis.
Early information shows that the attacker was able to access Uber’s Amazon Web Services (AWS) account console, VMware ESXi virtual machines, and a Google Workspace dashboard, among others.
Uber’s services were not compromised and continued to function at all times. The company also guarantees that users’ personal information has not been obtained, and reinforces that payment and health data are encrypted.
However, there is a risk that the attacker has accessed information about the HackerOne program.
This program pays people who encounter security issues on Uber’s platforms. If the hacker gained access to it, they may have found information about vulnerabilities that have yet to be patched, putting the company at risk of more attacks in the near future.
According to Uber, the invasion took place on the account of a third-party employee. The company believes the password was purchased on the dark web and obtained through malware installed on the employee’s personal device.
At some point, this person accepted one of the many authorization requests from the two-factor authentication system, paving the way for the attack. This hacking method, called Multi-Factor Authentication Bombingis typical of Lapsus$.
With information: Uber.