Just like you, I stumbled on the news about the massive data breach suffered by Uber last week. The attack was attributed to the notorious Lapsus hacking group, which has been increasingly active in recent months. Researchers say the incident has highlighted the risks associated with overconfidence in the use of multifactor authentication (MFA), as well as unmanaged risk around cloud-service adoption.
A well-known tactic of the Lapsus hacking group is to co-opt MFA-circumventing tools into its attack chain. In a statement released by Uber yesterday, it was noted that the attacker who breached its network last week had first obtained the VPN credentials of an external contractor, likely by purchasing them on the Dark Web. The attacker then repeatedly tried to log in to the Uber account using the illegally obtained credentials, prompting a two-factor login approval request each time.
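The repeated approval prompts described above leave a recognisable pattern in authentication logs. The following Python is an added example, not part of the original article or of any Uber or vendor tooling: it flags users who receive a burst of unapproved MFA push prompts in a short window and notes whether an approval followed the burst. The event format, result values, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, source IP, push result)
SAMPLE_EVENTS = [
    ("2022-09-15T08:00:00", "bob", "198.51.100.9", "timeout"),
    ("2022-09-15T09:00:00", "alice", "198.51.100.20", "denied"),
    ("2022-09-15T09:00:40", "alice", "198.51.100.20", "approved"),
    ("2022-09-15T13:00:00", "bob", "198.51.100.9", "timeout"),
    ("2022-09-15T21:00:05", "contractor01", "203.0.113.7", "denied"),
    ("2022-09-15T21:01:10", "contractor01", "203.0.113.7", "timeout"),
    ("2022-09-15T21:02:00", "contractor01", "203.0.113.7", "denied"),
    ("2022-09-15T21:03:30", "contractor01", "203.0.113.7", "timeout"),
    ("2022-09-15T21:04:45", "contractor01", "203.0.113.7", "denied"),
    ("2022-09-15T21:06:00", "contractor01", "203.0.113.7", "timeout"),
    ("2022-09-15T21:07:15", "contractor01", "203.0.113.7", "approved"),
]

def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users with >= threshold unapproved push prompts inside a sliding window."""
    pending = defaultdict(deque)   # user -> (time, ip) of recent unapproved prompts
    alerts = {}
    for ts_str, user, ip, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        q = pending[user]
        # Drop prompts that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if result == "approved":
            # An approval right after a burst is the highest-priority case.
            if len(q) >= threshold:
                alerts[user]["approved_after_burst"] = True
            q.clear()
            continue
        q.append((ts, ip))
        if len(q) >= threshold:
            alert = alerts.setdefault(user, {
                "user": user, "max_prompts": 0,
                "source_ips": set(), "approved_after_burst": False,
            })
            alert["max_prompts"] = max(alert["max_prompts"], len(q))
            alert["source_ips"].update(src for _, src in q)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert with `approved_after_burst` set warrants immediate session revocation and a credential reset for that user, since the approval may not have been intentional.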
Sadly, this can happen to any organization. It is therefore important to focus on learning how to protect our organizations against such attack scenarios rather than be caught unawares or, worse still, play the blame game.
Among other expert opinions, Reet Kaur, a Board Member and Advisor to Cisco, highlights the following as controls to be taken:
In addition to the above, Patrick Tiquet, vice president of security and architecture at Keeper Security, says the Uber attack highlights a fundamental misconception around MFA's strength as a method to secure access. "Use of SMS text messages as MFA should be discouraged and never used as MFA for high-value assets," Tiquet says. "The use of an authenticator app, security key, or biometrics are stronger and more effective methods to protect your accounts."
Although some organizations may have implemented some of the controls above, it is pivotal to stay ahead with these multiple strategies in order to avoid being outpaced by the sprawling complexity of modern threats and the actors behind them.
What multifactor authentication is in use at your company? Do you require an immediate assessment of it?