Flyy Tech
Attacker Apparently Didn’t Have to Breach a Single System to Pwn Uber

flyytech by flyytech
September 17, 2022

Questions are swirling around Uber’s internal security practices after an 18-year-old hacker gained what appears to have been complete administrative access to critical parts of the company’s IT infrastructure using an employee’s VPN credentials as an initial access vector.

Numerous screenshots that the alleged attacker posted online suggest the intruder did not have to breach a single internal system to essentially pwn the ride-sharing giant’s IT domain almost entirely.

So far, Uber has not disclosed details of the incident beyond saying that the company is responding to it and working with law enforcement to investigate the breach. So, at least some of what is being reported about the incident is based on a New York Times report from Sept. 15 in which the teen claimed to have gained access to Uber’s internal networks using credentials obtained from an employee via social engineering. The attacker used that access to move laterally across Uber’s internal domain to other critical systems, including its email, cloud storage, and code repository environments.

Since then, he has posted numerous screenshots of internal Uber systems to confirm the access he had obtained and how he obtained it.

The screenshots show the hacker gained full administrative access to Uber’s AWS, Google Cloud, VMware vSphere, and Windows environments — as well as to a full database of vulnerabilities in its platform that security researchers have discovered and disclosed to the company via a bug bounty program managed by HackerOne. The internal data the attacker accessed appears to include Uber sales metrics, information on Slack, and even info from the company’s endpoint detection and response (EDR) platform.

In a tweet thread that some security researchers reposted, Twitter user Corben Leo posted claims from the alleged hacker that he used the socially engineered credentials to access Uber’s VPN and scan the company’s intranet. The hacker described finding an Uber network share that contained PowerShell scripts with privileged admin credentials. “One of the PowerShell scripts contained the username and password for an admin user in Thycotic (PAM). Using this I was able to extract secrets for all services, DA, Duo, OneLogin, AWS, GSuite,” the attacker claimed.
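The network-share finding described above is a classic case of credentials left inline in administrative scripts. As an added defender-side illustration (not code from the original article or from Uber), the following Python scanner walks PowerShell files for that pattern; the share paths, script bodies and pattern names are constructed for the example.

```python
import re

# Constructed UNC paths and script bodies for the example (not real Uber artefacts).
BACKUP_SCRIPT = r"\\fileshare\scripts\rotate-backups.ps1"
CLEANUP_SCRIPT = r"\\fileshare\scripts\cleanup-temp.ps1"
SAMPLE_SCRIPTS = {
    BACKUP_SCRIPT: (
        "# Nightly backup job (constructed sample)\n"
        '$User = "svc-backup"\n'
        '$Password = "Winter2022!"\n'
        '$Sec = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force\n'
        'Connect-BackupTarget -User $User -Password "Winter2022!"\n'
    ),
    CLEANUP_SCRIPT: (
        "$cred = Get-Credential\n"  # prompts at run time, so nothing is stored: not a finding
        "Remove-Item $env:TEMP\\* -Recurse\n"
    ),
}

# Each pattern catches one common way a secret ends up inline in a .ps1 file.
CREDENTIAL_PATTERNS = [
    ("plaintext-assignment",
     re.compile(r'\$\w*(?:pass(?:word|wd)?|secret|token|apikey)\w*\s*=\s*["\'][^"\']+["\']', re.I)),
    ("password-argument",
     re.compile(r'-(?:Password|Pass|Secret|Token)\s+["\'][^"\']+["\']', re.I)),
    ("securestring-from-literal",
     re.compile(r'ConvertTo-SecureString\s+["\'][^"\']+["\']\s+-AsPlainText', re.I)),
]

def redact(fragment):
    # Replace the quoted literal with *** so the report itself does not re-expose the secret.
    return re.sub(r'(["\'])[^"\']+\1', r'\1***\1', fragment)

def scan_script(path, text):
    # Returns (path, line_no, kind, redacted_excerpt) tuples, at most one per line.
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out secrets still merit a manual look, but are skipped here
        for kind, pattern in CREDENTIAL_PATTERNS:
            match = pattern.search(line)
            if match:
                findings.append((path, line_no, kind, redact(match.group(0))))
                break
    return findings

def scan_share(scripts):
    # {path: findings} for every script on the share with at least one hit.
    return {path: hits for path, text in scripts.items() if (hits := scan_script(path, text))}
```

Running `scan_share` over a real share means reading each `.ps1` into the dictionary first; the redacted excerpts can then go straight into a ticket without copying the secret along with it.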

For now, the attacker’s motivations are not very clear. Normally they are fairly apparent, but so far the only things the hacker has done are make a lot of noise, note that Uber drivers should be paid more, and share screenshots proving access.

“They seemed really young and maybe even a little sloppy. Some of their screenshots had open chat windows and a ton of metadata,” says Sam Curry, a security engineer at Yuga Labs who has reviewed the screenshots.

Pure-Play Social Engineering

Invincible Security Group (ISG), a Dubai-based security services firm, claimed that its researchers had obtained a list of administrative credentials that the threat actor had gathered. “They seem to be strong passwords, which confirms that it was indeed a social-engineering attack that got him access to Uber’s internal network,” ISG tweeted.

Curry tells Dark Reading that the attacker appears to have gained initial access by compromising one employee’s login information and socially engineering that person into approving a VPN two-factor authentication (2FA) prompt.

“Once they had VPN access, they discovered a network drive with ‘keys to the kingdom,’ which allowed them to access [Uber’s] cloud hosting as root on both Google Cloud Platform and Amazon Web Services,” Curry notes. “This means they probably had access to every cloud deployment, which is likely the majority of Uber’s running applications and cloud storage.”

One significant fact is that the employee who was initially compromised worked in incident response, he notes, adding that normally such employees have access to many more tools within Uber’s environment than average employees. 

“Having this level of access, and additionally the access they found in the PowerShell script, means that they probably didn’t have too many limitations to do whatever they wanted inside Uber,” Curry says.

In a series of tweets, independent security researcher Bill Demirkapi said the attacker appears to have gained persistent MFA access to the compromised account at Uber “by socially engineering the victim into accepting a prompt that allowed the attacker to register their own device for MFA.”

“The fact that the attackers appear to have compromised an IR team member’s account is worrisome,” Demirkapi tweeted. “EDRs can bake in ‘backdoors’ for IR, such as allowing IR teams to ‘shell into’ employee machines (if enabled), potentially widening the attacker’s access.”

Bug Bounty Data Access is “Problematic”

The apparent fact that the attacker gained access to Uber vulnerability data submitted via its bug bounty program is also problematic, security experts say. 

Curry says he learned of the access after the hacker posted a comment about Uber being hacked on the company’s bug bounty tickets. Curry had previously discovered and submitted a vulnerability to Uber which, if exploited, would have permitted access to its code repositories. That bug was addressed, but it’s unclear how many of the other vulnerabilities disclosed to the company have been fixed, how many remain unpatched, and what level of access those vulnerabilities could provide if exploited. The situation could become significantly worse if the hacker sells the vulnerability data to others.

“Bug bounty programs are an important layer in mature security programs,” says Shira Shamban, CEO at Solvo. “A main implication here is that the hacker now knows about other vulnerabilities within the Uber IT environment and can use them to set up backdoors for future use, which is unsettling.”

Vulnerability and pen-testing tools are important in enabling companies to better assess and improve their security postures, says Amit Bareket, CEO and co-founder of Perimeter 81. “However, if the correct security measures aren’t put in place, these tools can turn into double-sided swords, enabling bad actors to take advantage of the sensitive information they may contain,” he says.

Companies should be aware of this and make sure such reports are protected and stored in encrypted form to avoid being misused for malicious intent, Bareket notes.

The latest incident is unlikely to do much to improve Uber’s already somewhat dinged reputation for security. In October 2016, the company experienced a data breach that exposed sensitive information on some 57 million riders. But instead of disclosing the breach as it was required to, the company paid $100,000 to the security researchers that reported the breach in what was viewed as an attempt to pay them off. In 2018, the company settled a lawsuit over the incident for $148 million. It arrived at similar but much smaller settlements in lawsuits over the incident in the UK and the Netherlands.
