Technology What Uber's data breach reveals about social engineering

What Uber’s data breach reveals about social engineering


Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.

Few techniques are as popular among cybercriminals as social engineering. Research It turns out that IT workers get an average of 40 targeted phishing attacks each year, and many organizations struggle to catch them before it’s too late.

just yesterday, Uber was added to the long list of companies beaten by social engineering after an attacker managed to gain access to the organization’s internal IT systems, email dashboard, Slack server, endpoints, Windows domain, and Amazon Web Services console.

The New York Times [subscription required] reported that an 18-year-old hacker sent a text message to an Uber employee posing as support staff to trick them into handing over their password. The hacker then used it to take over the person’s Slack account, before later gaining access to other critical systems.

The data breach sheds light on the effectiveness of social engineering techniques and suggests companies should re-evaluate whether they are using multi-factor authentication (MFA) to secure their employees’ online accounts.


MetaBeat 2022

MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.

Register here

Social engineering: the accessible way to hack

In many ways, the Uber data breach further illustrates the problem of relying on password-based authentication to control access to online accounts. Passwords are easy to steal with brute-force hacks and social engineering scams, and they provide attackers with a handy entry point to exploit.

At the same time, no matter how good a company’s defenses are, if they rely on passwords to secure online accounts, it only takes one employee to share their credentials for a breach to occur.

“Uber is the latest in a series of victims of social engineering attacks. Employees are human too, and eventually mistakes will be made with serious consequences,” said Arti Raman, CEO and founder of Titaniam. “As this incident proved, despite existing security protocols, information can be accessed with privileged credentials, allowing hackers to steal underlying data and share it with the world.”

While measures such as enabling multi-factor authentication can reduce the chances of account takeover attempts, they will not completely prevent them.

Rethink Account Security

In general, user awareness is an organization’s best defense against social engineering threats. By teaching employees how to detect tampering attempts in the form of phishing emails or text messages, using security awareness training can reduce the chances of them being tricked into handing over sensitive information.

“General cybersecurity awareness training, penetration testing, and antiphishing education are powerful deterrents to such attacks,” said Neil Jones, director of cybersecurity evangelism at Egnyte.

Organizations simply cannot afford to think that multi-factor authentication is enough to prevent unauthorized access to online accounts. Instead, business leaders should assess the level of risk based on the authentication options supported by the account provider and implement additional controls accordingly.

“Not all MFA factors are equal. Factors such as push, one-time access codes (OTPs), and voice calls are more vulnerable and easier to circumvent through social engineering,” said Josh Yavor, CISO at tessian.

Rather than relying on this, Yavor recommends implementing security key technology based on modern MFA protocols such as FIDO2 that have phishing resistance built into their designs. These can then be extended with secure access controls to enforce device-based requirements before users can access online resources.

The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Discover our briefings.

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Latest news

Лучшие Онлайн Казино 2024 Топ Казино Для Игры в Деньг

Лучшие Онлайн Казино 2024 Топ Казино Для Игры в ДеньгиРейтинг преданных Онлайн Казино самые Топ Клубы россииContentСамые Надежные✅ Онлайн...

Azərbaycanda Mərc Oyunları Şirkəti Görüş Və Rəylər

ContentPin Up Bet Azərbaycan - Rəsmi Azerbaycan Bukmeker Kontoru Pin Up CasinoBonus Siyasəti Bukmeker Pin-upRəsmi Saytın Icmalı Pin UpŞirkət...

Vulkan Vegas Promo Code März 2024: Bis Zu A Thousand Bonus

Nur bei Live life Casino Spielen sein die Punkte bei weitem nicht vergeben. Ein höherer Spielerstatus bringt verschiedene...

1win ⭐ Ei̇dman Və Kazino Mərcləri >> Depozit Bonusu $1000

ContentIn Az-da Mərc Oynamağa Necə Başlamaq OlarIn Saytında QeydiyyatIn ötrü Rəsmi Olaraq Necə Qeydiyyatdan ötmək OlarQeydiyyatdan Sonra Sayta Necə...

1win Azərbaycan ᐉ Bukmeker Kontorunun Formal Saytı ᐉ Bonuslar Və Idman Mərcləri

ContentIn Yatırım BonusuDepozit Bonusları Yoxdurİlk Dörd Depozit üçün BonuslarIn Kazino Nə Təklif EdirJackpot OyunlarıIn Az-da Oyun Hesabı Necə Yaradılır?Azərbaycanda...

Azərbaycanda 1 Onlayn Mərc Evi Və Kazino

ContentIn Bukmeker OfisiDepozit Bonusları Yoxdurİdman Mərc BonusuKazino QazanınIn Azerbaijan – İdman Mərcləri Və Onlayn KazinoQalib Kazino BonusuRulet Və Ya...

Must read

You might also likeRELATED
Recommended to you