No matter how robust network security is, even the biggest companies fall victim to cyber attacks. These malicious attacks can be costly — to the tune of 4.3 million on average — and they also disrupt operations and hurt a company’s reputation.
In fact, it is anticipated that cybercrime will cost the world $10.5 trillion annually by 2025. A recent breach at Uber reminds us of how social engineering attacks are on the rise and urges us to protect and train our employees to prevent such detrimental attacks. Below, we’ll dissect the Uber data breach and what you can do to avoid facing a similar devastating situation.
So, What Happened at Uber?
On September 15, 2022, Uber employees were surprised to find an unauthorized user posting in their company’s Slack channel. The intruder had hacked their way into the account and left a message that read, “I announce I am a hacker and Uber has suffered a data breach.” Uber employees, who did not reveal their identities, admitted that it appeared as if the hacker had breached multiple internal applications and accessed sensitive data.
Although the suspected hacker, who is allegedly only 18 years old, has been arrested, the damage was done. The hacker had left an explicit image within Uber’s internal systems and exposed how they had hacked the company using social engineering. Uber now has to launch its own internal investigation into the incident, and will more than likely have to enact a costly remediation plan.
How Did the Hacker Gain Access to Uber’s Internal Systems?
Uber’s cybersecurity protocols would probably have been enough to prevent the data breach — if it weren’t for the use of social engineering. The hacker admitted on Twitter that they gained access to the company’s internal VPN by tricking an employee into handing over the password. The hacker claimed they were a corporate information technology expert and needed the password. The threat actor also had access to credentials that allowed them to breach Uber’s AWS and G Suite accounts.
Social engineering — or the practice of using human emotion to get the victim to perform an action or give the threat actor needed information — is not uncommon in the cybersecurity world. In fact, many experts agree that untrained employees are your biggest area of vulnerability. The threat actor responsible for the Uber data breach has also claimed to have used social engineering when launching an attack against Rockstar Games.
Protect Your Company Against Incidents Like the Uber Data Breach
Stay Up to Date With the Latest Social Engineering Techniques
Although direct messaging and calling are popular social engineering techniques, it’s expected that the cybercrime trend of impersonating well-known companies through email phishing scams will continue to grow this year. To protect your organization, be aware of these trends and speak with a cybersecurity consultant if you feel your organization is vulnerable.
Test Your Network Vulnerabilities Regularly
Unfortunately, social engineering isn’t going away — which means you need to know if there are vulnerabilities within your network that can make a social engineering attack even more disastrous. For example, a threat actor who has gained access to your internal network with stolen login credentials may be able to move laterally within your organization’s internal framework and escalate their privileges with help from unpatched applications or outdated technologies.
Routine vulnerability assessments performed quarterly can help your organization’s private data stay private. An expert assessment can help identify false positives from vulnerability scans and provide a report with more information. An assessment report may include discovered vulnerabilities, a walkthrough of what was done, and research and solutions to better protect your organization.
Continuously Train Your Employees To Recognize Attacks
Uber was hacked in 2022 because an employee did not recognize that they were a victim of social engineering. Cybersecurity awareness training can arm employees with valuable information so that they know what to do when suspicious activity occurs at work. Engaging learning tools such as training videos and live hack demonstrations can not only get your team up to speed, but can help motivate them to stay vigilant.
Kevin Mitnick Security Awareness Training
Aside from learning the details about cyberattacks like the Uber data breach, security awareness training for your employees can help keep you one step ahead of social engineers.
Train your team when and where it’s convenient, with the world's largest security awareness training content library. Begin strengthening your organization’s security posture by exploring the Security Awareness Training Library by Mitnick Security.