September 22, 2022
By Arnie Lopez - WW Systems Engineering, Skyhigh Security
What does one of the most successful ride-sharing platforms and one of the world’s most popular video games share in common
If you said, “Cars,” you would be right.
If you said, “Both were hacked by the same person within a single week.” you would also be right.
First, Uber – the ride-sharing app that changed the way we get from Point A to Point B. On September 15, Uber announced the company had suffered a “cybersecurity incident–a massive data breach revealing more than 124,000 confidential documents” (dated between 2016-2019) detailing shady operations between their driver pools, with law enforcement agencies, and with various governments. Uber employees were caught off guard by the “I announce I am a hacker and uber has suffered a data breach.” post on their internal Slack channel, some initially thinking it was a joke.
You might think this Uber hack was an incredible feat to pull off, but the hacker would strike again – this time on one of the most successful video games in the industry. On September 18, gameplay footage of the highly anticipated sequel, Grand Theft Auto VI, appeared online. Developer Rockstar Games acknowledged on Monday that it had “suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information” confirming the development footage for Grand Theft Auto VI was, in fact, authentic.
The hacker – under the alias “TeaPot” – claimed to have gained access to Rockstar Games’ internal network, like Uber, by gaining access to an employee’s login credentials. When asked about any concern of an arrest, the alleged hacker told The Washington Post they were not worried because they lived outside the United States.
How do incredibly damaging attacks like this continue to happen? Sadly, it comes down to the human factor. Social engineering will not go away as it is simple and effective, taking full advantage of human nature. There is no tool built to prevent social engineering, outside of Security Awareness and Training that can help organizations employees recognize common tactics and even develop procedures in case unexpected email or notifications appear.
Something else to consider is how collaboration applications are common targets for malicious hackers. Associates and even c-suite level employees tend to be more trusting of communications received there. Consider that Slack was the main app targeted by TeaPot, but AWS and G-Suite were also compromised. The teen actor was then able to access the internal network, scanning other internal cloud applications he could take over. Due to the compromised account, both of these attacks became insider threat attacks, which are very hard to discover and stop.
Moving forward from here, organizations need to apply Security tools such as a CASB (Cloud Access Security Broker) with robust Software-as-a-Service (SaaS) APIs that have deep understanding of how Collaboration Apps work and share information with each other. A CASB with strong behavioral Analytics (UEBA) would work exceptionally well with for solutions like Slack, Office 365, Zoom, G-Suite, and others. Additionally, a ZTNA (Zero Trust Network Access) solution would provide additional protection in case the compromised access was not granted permission to that data to begin with. By restricting access to only those who are granted permission from the get-go, hackers are limited by the credentials they manage to procure.
Read here to learn about some cloud security tools that can you help you deal with use cases like this. There is no one vendor or solution that will protect you 100%, it’s really all about defense in depth and a little luck as well.
Back to Blogs