2022 Uber Breach Explained | How did Uber get hacked by an 18 year old?

  • Published: Aug 21, 2024
  • A #CISOlife overview of the public information of the 2022 Uber Breach by Brian Haugli, CEO, SideChannel.
    Brian presents an explanation and graphical review of how the supposed 18 year old attacker breached Uber. The info released so far shows a series of steps:
    [2:00] Social Engineering of Employee
    [2:30] MFA SMS Push Flood
    [2:40] Pretends to be an IT Help Desk from Uber
    [3:05] Log into VPN
    [3:30] Internal scanning for more data
    [4:00] Finds hardcoded password in PowerShell script
    [4:25] Access Privileged Access Management (PAM) - Thycotic
    [5:00] Access to other services; AWS, GCP, Slack, SentinelOne, HackerOne, etc
    [6:30] Breakdowns in controls and security that could lead to this breach

Comments • 30

  • @EMR-DESIGN 1 year ago +3

    Good breakdown. Hopefully others will learn from it.

  • @hobzzr8598 1 year ago +2

    Great video, Great explanation. Annoying sound of marker on board.

    • @SideChannel 1 year ago +2

      Thanks! Sorry about the marker.

  • @howdarylrolls 1 year ago +2

    Wait, are you just really good at writing backwards? Or did you just flip the video? Either way it’s a very unique way to do this video, despite ppl complaining about marker noises. Lol.
    That said, a lapel mic would probably isolate your voice better.

    • @SideChannel 1 year ago +2

      Thanks! We just upgraded the studio mic to a Shure MV7

  • @MrBitviper 1 year ago +1

    awesome breakdown. thanks for this

  • @saradhakannan 1 year ago +3

    After the multiple push notifications, did the victim accept it?

  • @MelCraft10 1 year ago +1

    This was an amazing video. Great beginner breakdown. Subbed for future content!

  • @johnabel5722 1 year ago +1

    Good explanation. How did the attacker get a good password to authenticate with in order to generate a push for the sms second factor?

    • @SideChannel 1 year ago

      We don't have info on that, some sources report it was from a previous leak or database of usernames/passwords

    • @zafmafattack 1 year ago

      He got the employee credentials from an access broker online, and the brokers get them from breaches and the occasional employee selling access

  • @gurneemsaini1 1 year ago +1

    What device did they VPN from? And if it was the hacker’s device, was there any VPN vulnerability? I thought we needed a cert or some kind of VPN control.

  • @Cyberplex 1 year ago +1

    Awesome thank you for sharing.

  • @matt3316 1 year ago +1

    That was very well explained, but as far as the drivers go, what effect does it have on them? I am one of their drivers, and because of this breach I'm not even sure if I want to hop online, as they call it.

    • @SideChannel 1 year ago

      Doesn't seem to affect drivers that we know of.

  • @sarujanview 1 year ago +2

    Well explained that

  • @Z3kyTw0 1 year ago

    Has there been any discussion on how the attacker got the user's credentials to start the MFA push?

  • @arnezedwards5560 1 year ago +1

    How did the attacker get the employee's contact?

  • @jessloke7544 1 year ago

    So Uber never does VA?? A clear text password store for such a sensitive platform..

  • @Gripengamer 1 year ago +1

    Great video and that, but please get a better mic and/or a better studio. It sounds like you're in an aquarium xD

    • @SideChannel 1 year ago +1

      Thanks, it's always a work in progress!