So, Uber got hacked. How did it happen? Why did it happen? Can it happen to you? How can you prevent this? Let’s find out.
Uber uses Push Notification MFA(Multi-Factor Authentication). How does this work? Push MFA utilizes smartphone notifications to assert authentication. This puts push MFA in the category of “something you have,” as the user will need to have their smartphone on them to use push notifications as a second factor. After inputting their username and password, end users simply need to unlock their phone and then press a button to either approve or deny the access request.
How did the hacker get around this? The hacker did not have any of the employee's devices. MFA protects against an attacker who has the credentials. But, it is still prone to Man In the Middle attacks.
An attacker can set up a fake domain that relays Uber's real login page with some tools. The only difference is the domain name they are visiting, which is easy to miss as no one looks at the address bar. For most MFA, nothing stops the attacker from relaying the authentication process. This is how even your Instagram/Facebook or any other account can be hacked. The most common thing is fake bank messages which have this mirrored bank login page. I have seen it first hand for people circulating for SBI. So, please never forget to check the address bar.
Once the attacker compromised an employee's credentials, they used that victim's existing VPN access to pivot to the internal network. Internal infrastructure is often significantly less audited and evaluated compared to external infrastructure.
The attacker shared several screenshots of Uber's internal environment, including their GDrive, VCenter, sales metrics, Slack, and even their EDR portal.
The hacker sent a slack message after attacking. Employees thought it was a joke. But, it was actually their worst nightmare.
Thank you very much my friends for reading this blog, If you like to read this sort of Information regarding technology then following the blog will be Great.