Lapsus$ Hit Uber

Uber was forced to close one of its software and messaging systems after an attacker got into its network. Uber said it believed the hacking group Lapsus$ was the attacker that made the company to temporarily close some internal systems.

The company says that the attacker gained access after obtaining an external contractor’s account information. Uber also said that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted. Following the breach, the hacking group Lapsus$ claimed responsibility. 

LAPSUS$ first made waves in February and March when the group successfully stole data from Nvidia, Microsoft, and Samsung, among others. Police in the UK later arrested seven people for their roles in the LAPSUS$ gang. Two of the suspects, a 16-year-old and 17-year-old, were later charged with computer hacking crimes. 

It’s possible at least one member of LAPSUS$ remains at large. Some of the group’s early targets were in South America, which has caused researchers to suspect other gang members may be based not in the UK. The hacker who breached Uber reportedly describes himself as an 18-year-old. He’s also been using the screen name “Tea Pot.” There is speculation that he is connected to the 'Tea Pea' hackers who breached the Intercontinental Hotel Group and deleted 'data for fun'. 

For many, 2022 has been a wake-up call: there are no safe industries, and there are no safe countries and cyber crime is everywhere. 

SonicWALL's mid-year threat report found that malware rose by 2.8 billion globally in the last year.  Other findings include:

  • Encrypted threats has 132% increase to 4.8 billion.
  • The finance sector experiences the highest IoT malware attempts up 151%.
  • IoT Malware is up 134% in the UK and 228% in the US.

Malware touches every facet of our lives. During the average day, much of what we interact with, from the clothes that we wear to the cars that we drive, even the water that we drink, has been impacted by a cyber attack and is a pervasive threat expanding at an alarming pace.

SonicWALL:     Business Standard:    The Verge:    PCMag:    InfoSecInstute:   Bleeping Computer:    FT:   

You Might Also Read: 

A Phishing Attack That Delivers Three Forms Of Malware:

 

« Network Security Recommendations Tailored To Your Business
A Mysterious New Hacking Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

ThreatAdvice

ThreatAdvice

ThreatAdvice is a provider of cybersecurity education, awareness and threat intelligence.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

Accredia

Accredia

Accredia is the national accreditation body for Italy. The directory of members provides details of organisations offering certification services for ISO 27001.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

Dark Intelligence

Dark Intelligence

Dark Intelligence, created by Protective Intelligence, is the world’s first independent Dark Web Security Operations Centre.

Ampion

Ampion

Ampion is a leading Australian provider of cyber security, DevOps and quality engineering services.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.