Two weeks ago, the popular ride-sharing app Uber announced a cybersecurity incident that affected a variety of company accounts. The breach reportedly originated within Uber’s internal Slack communication channel after a hacker tricked an employee into sharing their login credentials. Those credentials were then used to log into Uber’s Amazon Web Services and Google Cloud accounts — and to access sensitive financial data.Uber declined to confirm the details of the breach, but The New York Times and The Washington Post both shared screenshots of online conversations with the hacker responsible for the cyberattack. According to those snippets, Uber employees originally thought the breach was a joke, responding to messages from the hacker with GIFs and emojis.
Once the compromise was confirmed and the hacker threatened to share Uber’s source code, however, company executives disabled Uber’s Slack channel and other internal software tools. Although all of Uber’s apps remained operational for users, and no identifying information was leaked, the negative news arrived at an inopportune time for the company. Former Uber chief of security Joe Sullivan is currently on trial for a 2016 breach that did leak the protected records of 57 million Uber users and drivers. In 2017, the company admitted to concealing the attack and, in 2018, distributed $148 million in compensation to users in all 50 U.S. states and Washington, D.C.
Unsurprisingly, on Sept. 16, the day of the hack announcement, Uber’s stock price declined by 5% — and fell another 12% in the week that followed. This clearly illustrates the negative impacts that a cybersecurity incident can have on even the most popular of companies. And there’s no still indication about whether the hackers will try to extort any ransom or financial reward from Uber.
How did this hack happen?
It happened by employing social engineering tactics that prey on unsuspecting users. In this case, the responsible hackers claimed that they targeted an Uber employee who worked on the company’s incident response team. Once that single employee’s login credentials were stolen, hackers then gained access to all of Uber’s online systems. Security experts lamented that laughably low bar of entry — especially since it yielded such a big haul of sensitive information.
No matter the method, the goal is usually the same: to steal sensitive information, gain access to protected accounts, and capture company data, often with the hopes of extracting a ransom or financial reward.
How can you protect your business? CMIT Solutions recommends the following five tips to protect login credentials and mitigate social engineering scams like the one that struck Uber:
1. Learn how to identify threatening messages — Illicit schemes to swipe information and gain access to systems come in a wide variety of formats: fake shipping updates, bland-looking requests to sign an online document, invites to chat on a channel like Slack, or urgent wire transfer confirmations. Cybersecurity training can help you and your employees spot the telltale signs of such social engineering scams. These include suspicious sender addresses, strange syntax, or any kind of alert about resetting a password.
2. Don’t open suspicious email attachments or click on embedded links — Although the Uber hack occurred via a slightly more informal channel like Slack, hackers still try every day to trick users into opening infected PDFs, Word documents, or voice mail files. NEVER open an attachment unless it’s a specific file you’re expecting from a trusted co-worker. The same goes for clicking unfamiliar URLs that urge you to take action. Always check to see whether the URL written in a message matches its destination by right-clicking the link and verifying it against the sender’s email domain (for instance, a message purportedly from Amazon.com should only include links that point to Amazon.com). If you see long strings of nonsensical numbers or letters, DO NOT CLICK the link.
3. Add multi-factor authentication (MFA) to all logins — MFA requires computer users and account holders to follow up their standard username/password login by entering a unique code delivered via text or confirming a push notification sent through a single sign-on (SSO) app. This second layer of cybersecurity can mitigate a compromised credential by throwing up an extra obstacle in the way of a hacker’s attempt to log in and steal information.
4. Never share personal, financial, or medical information via email, chat, or other online methods — One of the most nefarious ways that social engineering operates is by warming up to users and breaking down their natural defenses so that they recklessly share sensitive information. If a colleague or contact requests protected information like passwords, birthdays, or account numbers via email, text, or online chat, double-check the legitimacy of that request with a face-to-face meeting or live phone call.
5. Partner with a trusted IT provider to assess and enhance cybersecurity protections — There isn’t a single security tactic that can protect your business from every digital threat. What you can do, however, is work with a reliable managed services provider (MSP) to construct a multi-layered network of complementary defenses around your technology. That should include basic network security tools like anti-spam, anti-malware, and anti-virus software along with strong firewalls, Internet traffic analysis, and 24/7 system monitoring to block cyberattacks and safeguard login credentials.
CMIT Solutions has 25 years of experience assessing sophisticated threats, training employees to be the first line of defense, and empowering businesses to stay safe. We work with companies of all sizes in all industries to protect against social engineering scams, ransomware infections, phishing attempts, and other digital dangers.
Not sure whether the Uber breach impacts you? Ready to enhance the security of your apps, your employees, and your information? Contact CMIT Solutions today. We defend your data, protect your networks, and ensure smooth day-to-day operations, removing the stress of IT so you can focus on running your business.