Data Leakage: What We Can Learn From the Uber Case and How To Plan the Budget for Next Year
The cybersecurity industry is predictably abuzz following the Uber security incident first reported on September 15. This concerns how an (allegedly) 17-year-old attacker was apparently able to hack the ridesharing giant’s IT infrastructure and acquire access to user data, as well as access to vulnerabilities reported to Uber’s HackerOne account.
Uber Hack Kill Chain:
1. Reconnaissance
Employee information from dark web / VPN
2. Weaponization & Delivery
Social engineering campaign and man-in-the-middle MFA portal
3. Exploitation
VPN access and internal network exploitation
4. Privilege Escalation
Hacker found that contained admin access
5. Objective Achieved
The hacker announced in an employee Slack channel that Uber had been hacked
Lessons learned from the Uber hack
- Penetration testing of web applications is not enough anymore; we should also do penetration testing of internal applications.
- The Security Operations Center did not cover external assets; we should extend the Security Operations Center to outside assets (threat intelligence).
- Red-teaming and social engineering activities were limited; we should run active red-teaming exercises.
- MFA did not support social engineering prevention; we should support it with MFA tested against social engineering.
Based on my views regarding this seminar, as part of Equinox Shipping Group, what we should do is:
1. Social Engineering Campaign – annually.
(Baiting, Pretexting, Phishing, Spear Phishing, Quid Pro Quo, Tailgating, Scareware, etc.)
2. Cyber drill annually
(Vishing scenarios are devised to test employees, etc.)
3. Prepare for “Cloud Security”
4. Cyber Monitoring and operations
5. Protect Financial data
6. Endpoint and network security
7. Identity and access management
8. Cyber resilience
9. Application and data protection
10. 3rd party/vendor security management