Lapsus$ Targeted External Contractor With MFA Bombing Attack

flyytech by flyytech
September 20, 2022

Uber has attributed last week’s massive breach to the notorious Lapsus$ hacking group and released additional details on the attack. Researchers say the incident has highlighted the risks of placing too much trust in multifactor authentication (MFA), as well as the unmanaged risk that comes with rapid cloud-service adoption.

In an update on Monday, Uber laid out the attribution: “We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so.” Uber’s announcement pointed to other companies that had been targeted by the gang via similar techniques, including Cisco, Microsoft, Nvidia, Okta, and Samsung.

Lapsus$ has attracted considerable attention in recent months for its brazen attacks on some of the world’s largest and best-known companies. One tactic the group is known to use is to co-opt MFA-circumventing techniques into its attack chain.

And indeed, Uber on Monday said the attacker who breached its network last week had first obtained the VPN credentials of an external contractor, likely by purchasing them on the Dark Web. The attacker then repeatedly tried to log in to the Uber account using the illegally obtained credentials, prompting a two-factor login approval request each time.

After the contractor initially blocked those requests, the attacker contacted the target on WhatsApp posing as tech support, telling the person to accept the MFA prompt — thus allowing the attacker to log in.

“The Uber breach appears to be a result of an MFA fatigue attack, also referred to as an MFA bombing attack,” says Duncan Greenwood, CEO of Xage. “It’s a technique in which hackers send multiple authentication approval requests to a secondary device like a mobile phone, in hopes that a user unintentionally provides access, or grows so frustrated that they eventually approve a request.” 

Remediation Process Begins

Once in, the attacker breached multiple internal systems, and Uber is currently in the process of doing an impact analysis, the company said: “The attacker accessed several other employee accounts, which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack.”

The company said the attacker does not appear to have made any changes to its codebase, nor does he appear to have access to any customer or user data stored by cloud providers. The attacker did appear to have downloaded some internal Slack messages and accessed or downloaded an internal tool that Uber’s finance team uses to manage invoices. Though the attacker also accessed a database of vulnerability disclosures in its platform submitted via external researchers through the HackerOne bug-bounty program, all the bugs have been remediated, Uber said.

Breach Shows MFA’s Weaknesses

Greenwood describes MFA fatigue attacks as being a very effective tactic for breaching target organizations. He says his company has observed attackers typically sending frequent MFA requests in the middle of the night or sending less frequent requests over a few days. 

“Either way, in traditional MFA architectures, all it takes is just one approved request for a hacker to access internal systems, from which they can further infiltrate the target organization,” he says.
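As an added defender-side example (not part of the article or of any vendor's product), the following Python flags the pattern Greenwood describes in push-MFA logs: a run of denied or timed-out prompts for one account followed by a single approval, whether as a night-time burst or drip-fed over several days. The log format, field names and events are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample push-MFA events (timestamp, account, result); not real logs.
SAMPLE_LOG = """\
2022-09-15T02:03:11Z contractor01 push_denied
2022-09-15T02:03:40Z contractor01 push_denied
2022-09-15T02:04:12Z contractor01 push_timeout
2022-09-15T02:04:50Z contractor01 push_denied
2022-09-15T02:09:31Z contractor01 push_approved
2022-09-15T09:12:00Z alice push_approved
2022-09-13T19:10:00Z bob push_denied
2022-09-14T20:02:00Z bob push_denied
2022-09-15T21:30:00Z bob push_approved
"""

def parse_log(text):
    """Group events per account as (datetime, result), oldest first."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, account, result = line.split()
        events[account].append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result))
    for evs in events.values():
        evs.sort()
    return events

def detect_mfa_fatigue(text, window_minutes=30, min_rejections=3):
    """Flag accounts where an approval follows >= min_rejections denied or
    timed-out prompts within the window. A short window catches the burst
    variant; a window of days with a lower threshold catches the slow drip."""
    window = timedelta(minutes=window_minutes)
    alerts = {}
    for account, evs in parse_log(text).items():
        for i, (ts, result) in enumerate(evs):
            if result != "push_approved":
                continue
            # Walk backwards from the approval, counting rejections since the
            # previous approval that still fall inside the window.
            rejected = 0
            for prev_ts, prev_result in reversed(evs[:i]):
                if prev_result == "push_approved" or ts - prev_ts > window:
                    break
                rejected += 1
            if rejected >= min_rejections:
                alerts[account] = {
                    "rejections": rejected,
                    "approved_at": ts.isoformat(),
                    "off_hours": ts.hour < 6,  # approval between 00:00 and 05:59 UTC
                }
    return alerts
```

Running `detect_mfa_fatigue(SAMPLE_LOG)` flags the 4-denial night-time burst on `contractor01`; widening to `window_minutes=3*24*60, min_rejections=2` also surfaces `bob`, whose two denials were spread over three days.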

Uber’s security practices are sure to come under scrutiny because of the breach. But the reality is that the company was the victim of practices that are common to many organizations, researchers note.

Patrick Tiquet, vice president of security and architecture at Keeper Security, says the Uber attack highlights a fundamental misconception around MFA’s strength as a method to secure access. 

“Although MFA adds a critical second layer of security to your accounts, the biggest misconception about MFA is that all forms are equally secure,” he says.

One example of how MFA can fail is SIM card porting, aka SIM-swapping, Tiquet notes. This is where attackers port a mobile number to a SIM card or device that they control to receive SMS messages or phone calls for the target number. 

“Use of SMS text messages as MFA should be discouraged and never used as MFA for high-value assets,” Tiquet says. “The use of an authenticator app, security key, or biometrics are stronger and more effective methods to protect your accounts.” 

Security researcher Bill Demirkapi explains that another very common misconception is that standard forms of MFA — such as push, touch, and mobile — protect against social engineering. The reality is that MFA remains vulnerable to man-in-the-middle (MitM) attacks, he says.

He notes that best practices include using phishing- and MiTM-resistant forms of MFA rather than time-based one-time passwords (TOTP), not centralizing access keys, and rotating keys regularly. On the latter point, organizations also often do not limit access keys to the minimum privileges required for the key’s intended purpose. 

“Uber may not have followed best practices, but many other companies don’t either,” he says. “The main point I’d like to drive home is the importance of not only investing into security for your organization, but specifically investing into these best practices as well.”

It should be noted that the Uber breach is not the only high-profile hit in the last few days; the same Lapsus$ hacker who claimed responsibility in that incident (or at least someone using the same “Teapot” alias that the Uber hacker used) now appears to have also breached Take-Two Interactive’s Rockstar Games, posting videos of an early development copy of the Grand Theft Auto 6 video game. In a message, the company acknowledged the breach and said it was “extremely disappointed” to have details of the game leaked in advance of its release.

Cloud Service Adoption Increases Risk 

MFA is not the only weak link for many companies. At a higher level, breaches like the one at Uber show the impact that rapid cloud services adoption and distributed work models are having on enterprise security strategies, says Russell Spitler, co-founder and CEO of Nudge Security. 

The move to a more distributed model has increased enterprise reliance on asynchronous communications tools such as Slack and WhatsApp in business-critical environments, he says. The rapid adoption of SaaS has created an unmanaged risk in the form of complex integrations between poorly managed services.

“The recent breach at Uber points to the fact that security orgs are outpaced by the sprawling complexity of modern, distributed IT environments and sprawling digital supply chains,” Spitler notes. “This complexity creates opportunities for even the most novice of threat actors to gain access using compromised credentials and [finding] their way to critical assets.”




