Illustration by jcomp
On Sept. 15, Uber Technologies Inc. was breached by an 18-year-old. The hacker purchased an employee’s stolen credentials from the dark web and pushed a flood of multi-factor authentication (MFA) requests and fake IT messages to them in hopes of getting into their account. Irritated by the non-stop pop-ups, the employee caved in and approved the request, unwittingly setting off a cyberattack. Once in, the hacker exploited a privileged account to access Uber’s critical information.
This did not happen by chance, it’s an example of MFA Fatigue Attack. When an attacker gets hold of an account’s credentials but is unable to login due to MFA, they trigger many MFA requests to the target until exasperation wins out. The victim accepts the notification, and the hacker is in. This method works because it takes advantage of human elements such as ignorance, confusion, or irritation.
What happened
What we learn
- MFA fatigue attacks have become increasingly common against well-known organizations like Twitter, Cisco, Samsung, and Okta in 2022 alone. Many users don’t know about this malicious strategy and end up approving the notifications to make them go away.
- In reality, most organizations in the world could be hacked in the same way Uber was. But in Uber’s case, the worse blunder was hard-coding a privileged account’s login credentials into its PowerShell scripts. This event serves as a reminder to keep an eye on our PAM landscapes.
What we should do better
Educate
Your organization’s security is only as good as its employees’ awareness. Employees continue to be a business’s first line of defense, and it is critical that they understand their responsibility in defending the organization. They must be trained to recognize the consequences of their actions as well as know the response strategy in the event of an incident.
Pentest
Familiarity breeds contempt, and being accustomed to your organization’s procedures may cause you to miss a few evident security problems. That is why a fresh perspective is needed to tell you everything that’s wrong with your network. Penetration testing is an effective method for identifying flaws, strengthening defenses, and closing gaps.
Watch
Be aware of what is going on around you. The lessons learned from these incidents must be taken seriously. They frequently disclose loopholes, misconfigurations, or vulnerabilities in third-party apps. Large breaches are often the result of a minor mistake.
Zero Trust
Never trust devices, users, or applications on or off a network until they have been thoroughly verified. More attention needs to be given to securing an endpoint as they prove to be the easiest entry point for attackers. Invest in a product that will help administrators create and automate a Zero Trust security protocol for your endpoints. People make mistakes, so make sure your technology doesn’t make any.
or
