Scroll News
  • India
    • National
    • State News
  • World
  • Business
  • Education
  • Entertainment
  • Lifestyle
    • Health & Fitness
    • Fashion & Beauty
    • Travel
    • Food
  • Tech
    • App News
    • Gadgets
  • Auto
  • Others
    • Sports
    • Agriculture
    • Science
    • Astrology
    • Finance/Money
    • Press Release
    • Religion
    • Social Work
No Result
View All Result
  • India
    • National
    • State News
  • World
  • Business
  • Education
  • Entertainment
  • Lifestyle
    • Health & Fitness
    • Fashion & Beauty
    • Travel
    • Food
  • Tech
    • App News
    • Gadgets
  • Auto
  • Others
    • Sports
    • Agriculture
    • Science
    • Astrology
    • Finance/Money
    • Press Release
    • Religion
    • Social Work
No Result
View All Result
Scroll News
No Result
View All Result
Home Business

Postmortem of Uber’s Social Engineering Hack

Scroll News by Scroll News
September 28, 2022
in Business
0
Postmortem of Uber’s Social Engineering Hack
Share on FacebookShare on Twitter

CloudSEK’s contextual AI based digital risk protection platform discovered a threat actor claiming to have compromised Uber, the American mobility service provider. Uber has confirmed the above claims and responded to the incident by stating that it is in contact with law enforcement agencies. Social engineering was employed as an initial attack vector by the threat actor.

The threat actor was able to compromise an employee’s HackerOne account to access vulnerability reports associated with Uber. To demonstrate the legitimacy of the claims, the actor has posted unauthorized messages on the HackerOne page of the company. Moreover, the attacker has also shared several screenshots of Uber’s internal environment including their GDrive, VCenter, sales metrics, Slack, and the EDR portal.

You May Also Like This

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India

May 6, 2025
Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living

Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living

May 5, 2025
MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

May 1, 2025

“The Uber Hack is a classic case of failure on multiple levels where Over privilege or privilege mismanagement plays a pivotal role. Eliminating privilege escalation paths or monitoring for access changes in accounts can be initial answers for mitigation, apart from Darkweb and surface web monitoring”, says Abhinav Pandey, Cyber Threat Researcher, Cloudsek.

The actor plausibly employed social engineering techniques as an initial attack vector to compromise Uber’s infrastructure.

After attaining access to multiple credentials, the actor exploited the compromised victim’s VPN access to:

  • Pivot and escalate privileges inside the internal network
  • Scan the internal network(Intranet) for access

Subsequently, the actor gained access to an internal network(Intranet) *.corp.uber.com where the actor got access to a directory, plausibly with a name “share”, which provided the actor with numerous PowerShell scripts that contained admin credentials to the privileged access management system (Thycotic). This enabled the actor with complete access to multiple services of the entity such as Uber’s Duo, OneLogin, AWS, Gsuite Workspace, etc.

This hack had a tremendous impact on Uber starting from the Obfuscation of the application code, hindering the usability of the application, leaked credentials, and access could facilitate multiple account takeovers and leaking of sensitive and critical information of the entity. Equipping malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence, not to mention the reputational damage for Uber.

Mitigation Steps include training employees against social engineering attacks and techniques, implementing a strong password policy and enabling MFA across logins, creating specialized user groups with minimum privileges, closing unused ports, limiting file access, patching vulnerable, and exploitable endpoints, preventing private keys from being shared unencrypted in messaging systems like Slack or WhatsApp.

Singapore headquartered CloudSEK is a contextual AI (Artificial Intelligence) company, founded in 2015, by cybersecurity expert Rahul Sasi, with the aim to construct a future where intelligent machines can emulate human cognition to predict cyber threats even before they occur.

CloudSEK’s central proposition is to leverage AI to build a rapid and reliable detection, analysis, and alert system that offers swift detection across internet sources, precision analysis of threats, and prompt resolution with minimal human intervention.

CloudSEK offers the power of Cyber Crime monitoring, Brand Monitoring, Attack Surface monitoring, and Supply Chain Intelligence to give context to customers’ digital risks. CloudSEK’s single unified dashboard allows customers to triage and visualize all their digital threats in one place. CloudSEK also offers workflows and integrations to manage and remediate the identified threats.

Tags: American mobility service providerAttack Surface monitoringBrand MonitoringCloudSEKcontextual AI (Artificial Intelligence) companyCyber Crime monitoringcybersecurity expert Rahul Sasidigital risk protection platformHackerOneSupply Chain IntelligenceUberUber Hack
ShareTweetShareShareSendSend
Previous Post

Dr. Geomcy George – Top emerging healthcare leader who is making a difference in the lives of many

Next Post

Cycle Pure launches pujaroom.com to provide a premium puja experience

Related Posts

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India
Business

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India

May 6, 2025
Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living
Business

Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living

May 5, 2025
MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food
Business

MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

May 1, 2025
Ice Cream Works Launches Exciting New Line of Popsicles and Ice Cream Bars — All at Just ₹99
Business

Ice Cream Works Launches Exciting New Line of Popsicles and Ice Cream Bars — All at Just ₹99

May 1, 2025
LOGOUT: Empowering Experience Creators with AI-Powered Chat-Commerce
Business

LOGOUT: Empowering Experience Creators with AI-Powered Chat-Commerce

April 29, 2025
Delhi Gets a New Standard in Car Care with The Detailing Gang’s Grand Launch
Business

Delhi Gets a New Standard in Car Care with The Detailing Gang’s Grand Launch

April 29, 2025
Next Post
Cycle Pure launches pujaroom.com to provide a premium puja experience

Cycle Pure launches pujaroom.com to provide a premium puja experience

Diquery Digital, has been recognised by CustomFit. ai as one of the Top 20 Digital Marketing Agencies in India

Diquery Digital, has been recognised by CustomFit. ai as one of the Top 20 Digital Marketing Agencies in India

5 emerging leaders in the fintech and lending space in India

5 emerging leaders in the fintech and lending space in India

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Sterling Accuris Diagnostics receives ICMR approval for its lab in Delhi for COVID-19 testing

5 years ago

Leena AI raises $8M in series A funding to revolutionize employee experience

5 years ago
Rising Indie Music releases debut single ‘Shaamein’ starring Choreographer Kinnari Dama in her acting debut

Rising Indie Music releases debut single ‘Shaamein’ starring Choreographer Kinnari Dama in her acting debut

2 years ago

Study could help beat multi-drug resistance

4 years ago

Categories

  • Agriculture
  • App News
  • Astrology
  • Auto
  • Business
  • Education
  • Entertainment
  • Fashion & Beauty
  • Finance/Money
  • Food
  • Gadgets
  • Health & Fitness
  • Lifestyle
  • National
  • Photography
  • Politics
  • Press Release
  • Religion
  • Science
  • Social Work
  • Sports
  • State News
  • Tech
  • Travel
  • World

Topics

Ace Entrepreneur actor Artificial intelligence Bengaluru Blockchain technology BRICS CCI Content Creator COVID-19 Cryptocurrency CSIR DBT Delhi Digital Marketing DST Dubai Education entrepreneur entrepreneurship Fairplay Gujarat Gurugram Hyderabad IIT Delhi India Indian Institute of Technology Influencer Influencerquipo innovation Kingston Technology K Raheja Corp Homes memory products and technology solutions Mumbai Music Industry pandemic photography producer Pune real estate research Shan Se Entertainment Shantanu Bhamare social media Surat technology TTK Prestige
No Result
View All Result

Highlights

1win announces global partnership with boxing champion Canelo Álvarez

MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

Ice Cream Works Launches Exciting New Line of Popsicles and Ice Cream Bars — All at Just ₹99

LOGOUT: Empowering Experience Creators with AI-Powered Chat-Commerce

Veranda Expands to Khar: A New Chapter in Modern Indian Dining

Delhi Gets a New Standard in Car Care with The Detailing Gang’s Grand Launch

Trending

Inspired by True Events, Bela: Gujarati Urban Film Reveals the Hidden Faces of Injustice
Entertainment

Inspired by True Events, Bela: Gujarati Urban Film Reveals the Hidden Faces of Injustice

by Scroll News
May 10, 2025
0

Surat, (Gujarat), : Bela: Gujarati Urban Film is all set to redefine the narrative of Gujarati cinema...

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India

Jivanrang: How One Woman’s Childhood Sparked a Movement to Reimagine Eldercare in Urban India

May 6, 2025
Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living

Ceebeedesignstudio: A Homegrown Harmony of Indian Heritage and Luxury Living

May 5, 2025
1win announces global partnership with boxing champion Canelo Álvarez

1win announces global partnership with boxing champion Canelo Álvarez

May 3, 2025
MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

MorningWale Rebrands as ‘The Kirana Next Door’ — A Bold New Chapter in Clean, Everyday Food

May 1, 2025
  • About Us
  • Advertise
  • Contact Us
  • DMCA
  • Follow on Google News

© 2022 Scroll News

No Result
View All Result
  • About Us
  • Advertise
  • Contact Us
  • DMCA
  • Home
  • Privacy Policy

© 2022 Scroll News