Operational Technology (OT) and IoT security firm Nozomi Networks says the timing of last month’s Uber security breach is interesting politically, though it seems unrelated to the ongoing trial involving its former security chief.
According to Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks, “the timing is interesting politically, though from the shared messages the motivation seems unrelated to the trial.”
“Regardless of the trial outcome, the ability for an individual to gain the level of apparent access they did via well-known social engineering techniques which allowed them to access an internal company VPN is alarming.
“This is the type of access story infosec professionals explain to people who don't understand the level of damage unauthorised access can really do to promote better security practices.
“We tell people about these sorts of situations hypothetically or share things we have seen in the field, but we also promote responsible disclosure. It's not a good look to publicly attempt to embarrass a company by doing something illegal,” Danielle Jablanski concluded.
Jablanski’s comments follow global reports, including one by iTWire’s own Sam Varghese on 20 September and one by Boston University, that the internal databases of American multinational ride-share company Uber were hacked, and that the unnamed 18-year-old who claimed responsibility for the hack said Uber’s ineffective security measures made the breach possible.
As Varghese reported: “Ride-sharing firm Uber says a recent compromise of its network was effected using stolen credentials of an external contractor but claimed that there was no evidence that its production network had been accessed.
“In a statement, the company claimed it was likely that the attacker had bought the Uber contractor's corporate password on the dark web, after malware had been used to steal the credentials. It said the attacker was likely linked to a group known as Lapsus$ which has carried out a number of attacks,” Varghese writes.
In its report, Boston University notes: “The hacker, who was eventually arrested and is in police custody, is said to have gained access to Uber’s secure data through ‘social engineering,’ which means manipulating or deceiving someone, often with email or phone calls, to gain access to personal or financial information.”