What we knew so far?
In the last cyber securityaccident reportedly affecting Uber, the hacker sent a text message to an Uber worker claiming to be a corporate information technology staff. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering. (NY Times) pls add
According to New YorkTimes, Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible.
It was a successful socialengineering attack. One Uber employee VPN account is compromised.
Does this affect me?
The hacker has not yet published data online or requested a ransome, and there is no confirmation of a confirmed data leak. But all the system and administrator passwords are compromised.
Unber Internal Financial Info
Who is/are the hackers?
A 18 year old cliam he is responsible and there seems no other parties involved.
What Uber did wrong ?
A fake website was accessible by Uber employee and the employee enter MFA passwords. Using blacklisting to block website access is not effective to stop phishing since the website do not have any virus or malware. It is an impersonating website. Traditional software scanning or security review cannot flag this website and block it.
Blacklist effectiveness is relying on some aleady known high risk elements and the website must showing these risky elements (like loading extra JS or using unsafe lib). In this case, blacklist cannot identify a lookalike website as risky.
The correct way should be using domain whitelisting. Any lookalike website , although appears to human eyes are not the same as in the whitelist. Whitelisting is 100% secure and safe.