Ride-hailing giant Uber believes that the attacker behind its recent cybersecurity incident is affiliated with Lapsus$, a hacker group that previously targeted Microsoft, Cisco, Samsung, Nvidia, Okta, among many others. The company also confirmed that the attacker was able to breach its various internal tools, including G-Suite and Slack and its dashboard at HackerOne, a bug bounty program.
In its latest security update, Uber said the attacker first gained access to the company's systems by successfully convincing an Uber EXT contractor to accept one of the many two-factor authentication (2FA) login requests. From there, the attacker was able to access other employee accounts, which ultimately gave the attacker elevated permissions to several of its tools.
Protecting connected vehicle fleets
Thankfully, Uber maintained that its apps (Uber, Uber Eats, Uber Freight, and Uber Driver) were not compromised. In contrast, a more dire scenario would involve an attacker gaining access not just to these apps but also to a fleet’s network and then taking control of that fleet’s connected vehicles — a threat that would lead to far-reaching consequences.
As there is no single solution that can eliminate all possibilities of a successful breach, fleet managers must look to a holistic approach to automotive cybersecurity. They should not only secure each vehicle’s onboard and cloud-based systems but also allow the entire fleet to detect and respond to potential anomalies in real time.
To read more research on other possible vulnerabilities in connected cars and learn best security practices, visit our resource center.