Uber Hack Uses Stolen Credentials and MFA Fatigue

Leads to access of several internal systems including AWS and Google Workspace.

What is the attack?

  • An 18-year-old hacker used stolen credentials, used MFA fatigue to bypass MFA, social-engineered IT by posing as the employee, and found admin credentials in PowerShell scripts, leading to full system compromise.

  • Several internal systems were compromised and breached including code, Slack, Google Workspace, and AWS.

Why did it get through?

  • Traditional MFA was defeated through social engineering and MFA fatigue.

  • Critical admin credentials were hardcoded in scripts, providing easy escalation.

  • Existing security measures failed to detect unusual access patterns and system interactions.
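
The MFA fatigue pattern described above (a run of rejected or ignored push prompts that ends in an approval) can be detected from authentication logs. The following is an added example, not code from the original page; the log format, event names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp, user, push result.
SAMPLE_LOG = """\
2024-01-01T02:00:10Z alice push_denied
2024-01-01T02:01:02Z alice push_timeout
2024-01-01T02:02:15Z alice push_denied
2024-01-01T02:03:40Z alice push_denied
2024-01-01T02:04:55Z alice push_timeout
2024-01-01T02:06:20Z alice push_denied
2024-01-01T02:07:05Z alice push_approved
2024-01-01T09:00:00Z bob push_denied
2024-01-01T09:00:30Z bob push_approved
2024-01-01T08:00:00Z carol push_denied
2024-01-01T09:00:00Z carol push_denied
2024-01-01T10:00:00Z carol push_denied
2024-01-01T11:00:00Z carol push_denied
2024-01-01T12:00:00Z carol push_denied
2024-01-01T12:01:00Z carol push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of rejected/ignored prompts

def parse(line):
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, approval_time, prior_rejections) for every approval that
    follows at least `threshold` denied or timed-out pushes inside `window`."""
    recent = defaultdict(deque)  # per-user timestamps of rejected prompts
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # drop rejections older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts.append((user, ts.isoformat(), len(q)))
            q.clear()  # an approval ends the current prompt run
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print("possible MFA fatigue:", alert)
```

An alert here is a prompt for review, not proof of compromise: the approval that ends the run is the event to verify with the user and to correlate with the session's source and later activity.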

What is required to solve for this attack?

  • Continuous behavioral analysis across all communication channels (Slack, Email, Cloud + SaaS) to detect anomalous interactions.

  • Utilize AI-driven behavioral detection to flag anomalies, especially for OAuth application changes or token use.

  • Correlate suspicious events across Cloud + SaaS ecosystems.

Press Links

  • Forbes
  • TechCrunch
  • NYTimes