Lapsus$ Hit Uber

Uploaded on 2022-10-04 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Uber was forced to close one of its software and messaging systems after an attacker got into its network. Uber said it believed the hacking group Lapsus$ was the attacker that made the company to temporarily close some internal systems.

The company says that the attacker gained access after obtaining an external contractor’s account information. Uber also said that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted. Following the breach, the hacking group Lapsus$ claimed responsibility. 

LAPSUS$ first made waves in February and March when the group successfully stole data from Nvidia, Microsoft, and Samsung, among others. Police in the UK later arrested seven people for their roles in the LAPSUS$ gang. Two of the suspects, a 16-year-old and 17-year-old, were later charged with computer hacking crimes. 

It’s possible at least one member of LAPSUS$ remains at large. Some of the group’s early targets were in South America, which has caused researchers to suspect other gang members may be based not in the UK. The hacker who breached Uber reportedly describes himself as an 18-year-old. He’s also been using the screen name “Tea Pot.” There is speculation that he is connected to the 'Tea Pea' hackers who breached the Intercontinental Hotel Group and deleted 'data for fun'. 

For many, 2022 has been a wake-up call: there are no safe industries, and there are no safe countries and cyber crime is everywhere. 

SonicWALL's mid-year threat report found that malware rose by 2.8 billion globally in the last year.  Other findings include:

  • Encrypted threats has 132% increase to 4.8 billion.
  • The finance sector experiences the highest IoT malware attempts up 151%.
  • IoT Malware is up 134% in the UK and 228% in the US.

Malware touches every facet of our lives. During the average day, much of what we interact with, from the clothes that we wear to the cars that we drive, even the water that we drink, has been impacted by a cyber attack and is a pervasive threat expanding at an alarming pace.

SonicWALL:     Business Standard:    The Verge:    PCMag:    InfoSecInstute:   Bleeping Computer:    FT:   

You Might Also Read: 

A Phishing Attack That Delivers Three Forms Of Malware:

 

« Network Security Recommendations Tailored To Your Business
A Mysterious New Hacking Group »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

Argus Cyber Security

Argus Cyber Security

Argus is the world’s largest automotive cyber security company, protecting connected cars and commercial vehicles from hacking.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (previously iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

H3Secure

H3Secure

H3 Secure focuses on Secure Data Erasure Solutions, Mobile Device Diagnostics and Information Technology Security Consulting.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.