{"id":2793,"date":"2022-09-28T13:16:17","date_gmt":"2022-09-28T13:16:17","guid":{"rendered":"https:\/\/www.nebrcentre.co.uk\/?p=2793"},"modified":"2022-09-28T13:16:17","modified_gmt":"2022-09-28T13:16:17","slug":"uber-victim-of-severe-cyber-security-breach","status":"publish","type":"post","link":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/uber-victim-of-severe-cyber-security-breach\/","title":{"rendered":"Uber: Victim of Severe Cyber Security Breach"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.nytimes.com\/2022\/09\/15\/technology\/uber-hacking-breach.html\">Uber has&nbsp;recently&nbsp;reported being a victim of a severe cyber security&nbsp;attack<\/a>&nbsp;by hacker group Lapsus$, the&nbsp;perpetrator&nbsp;having also potentially&nbsp;been&nbsp;linked to other recent attacks&nbsp;on&nbsp;<a href=\"https:\/\/www.videogameschronicle.com\/news\/uber-in-contact-with-the-fbi-over-potential-gta-6-hacker\/\">Rockstar, Microsoft, and T-Mobile.<\/a><\/p>\n\n\n\n<p>The company revealed that the hacker gained access to internal systems through a technique called&nbsp;<a href=\"https:\/\/dxc.com\/us\/en\/insights\/perspectives\/report\/dxc-security-threat-intelligence-report\/april-2022\/don-t-fall-for-mfa-prompt-bombing\">\u201cMFA Bombing.\u201d<\/a>&nbsp;Using social engineering techniques, this method of&nbsp;attack&nbsp;can include:<\/p>\n\n\n\n<p>\u27a2&nbsp;Spamming&nbsp;a team with lots of MFA&nbsp;(multi-factor authentication)&nbsp;requests until the victim accepts&nbsp;one to make it stop.<\/p>\n\n\n\n<p>\u27a2&nbsp;Sending one or two MFA requests per day that have a&nbsp;slight&nbsp;chance of being accepted.<\/p>\n\n\n\n<p>\u27a2&nbsp;Calling the target&nbsp;using an alternate identity and telling them that they need to send an MFA request as part of a company process.<\/p>\n\n\n\n<p>It is believed that the&nbsp;perpetrator&nbsp;purchased&nbsp;login details on the dark&nbsp;web but&nbsp;was stopped by two-factor authentication.&nbsp;However, using social engineering techniques and MFA bombing,&nbsp;the contractoraccepted an&nbsp;authentication request, granting the hacker access to&nbsp;internal data.<\/p>\n\n\n\n<p>The hacker reportedly has full access to Uber\u2019s systems, forcing&nbsp;many internal systems \u2013 including communications and engineering \u2013 to go offline.&nbsp;Investigations are currently underway to determine the full scale of the breach and damage to the firm.&nbsp;<\/p>\n\n\n\n<p>If you are concerned about MFA bombing and social engineering methods used by cyber hackers, please get in touch with us at&nbsp;<a href=\"mailto:enquiries@nebrcentre.co.uk\">enquiries@nebrcentre.co.uk<\/a><\/p>\n\n\n\n<p>To stay up to date with the latest cyber threats and security updates, why not sign up for our\u00a0<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/core-membership-sign-up\/\">free core membership?<\/a><\/p>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/\">NEBRC<\/a>&nbsp;is a non-profit organisation that seeks to&nbsp;<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/services\/\">educate, inform, and support<\/a>&nbsp;businesses across the UK on how to stay safe online from fraud and cyber threats through strong cyber security strategies.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Uber has&nbsp;recently&nbsp;reported being a victim of a severe cyber security&nbsp;attack&nbsp;by hacker group Lapsus$, the&nbsp;perpetrator&nbsp;having also potentially&nbsp;been&nbsp;linked to other recent attacks&nbsp;on&nbsp;Rockstar, Microsoft, and T-Mobile. The company&#8230;<\/p>\n","protected":false},"author":1,"featured_media":7796,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/2793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/comments?post=2793"}],"version-history":[{"count":0,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/2793\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/media?parent=2793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/categories?post=2793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/tags?post=2793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}