Lapsus$ Hit Uber

Uber was forced to close one of its software and messaging systems after an attacker got into its network. Uber said it believed the hacking group Lapsus$ was the attacker that made the company to temporarily close some internal systems.

The company says that the attacker gained access after obtaining an external contractor’s account information. Uber also said that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted. Following the breach, the hacking group Lapsus$ claimed responsibility. 

LAPSUS$ first made waves in February and March when the group successfully stole data from Nvidia, Microsoft, and Samsung, among others. Police in the UK later arrested seven people for their roles in the LAPSUS$ gang. Two of the suspects, a 16-year-old and 17-year-old, were later charged with computer hacking crimes. 

It’s possible at least one member of LAPSUS$ remains at large. Some of the group’s early targets were in South America, which has caused researchers to suspect other gang members may be based not in the UK. The hacker who breached Uber reportedly describes himself as an 18-year-old. He’s also been using the screen name “Tea Pot.” There is speculation that he is connected to the 'Tea Pea' hackers who breached the Intercontinental Hotel Group and deleted 'data for fun'. 

For many, 2022 has been a wake-up call: there are no safe industries, and there are no safe countries and cyber crime is everywhere. 

SonicWALL's mid-year threat report found that malware rose by 2.8 billion globally in the last year.  Other findings include:

  • Encrypted threats has 132% increase to 4.8 billion.
  • The finance sector experiences the highest IoT malware attempts up 151%.
  • IoT Malware is up 134% in the UK and 228% in the US.

Malware touches every facet of our lives. During the average day, much of what we interact with, from the clothes that we wear to the cars that we drive, even the water that we drink, has been impacted by a cyber attack and is a pervasive threat expanding at an alarming pace.

SonicWALL:     Business Standard:    The Verge:    PCMag:    InfoSecInstute:   Bleeping Computer:    FT:   

You Might Also Read: 

A Phishing Attack That Delivers Three Forms Of Malware:

 

« Network Security Recommendations Tailored To Your Business
A Mysterious New Hacking Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Trust Stamp

Trust Stamp

Trust Stamp provide Identity and Trust as a Service to answer two fundamental questions: “Who are you?” and “Do I trust you?"

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

Radiance Technologies

Radiance Technologies

Radiance solutions provide technological advantage and operational superiority for our nation in the areas of intelligence, cyber and advanced weapon systems.

Centric Consulting

Centric Consulting

Centric Consulting is an international management consulting firm with unmatched expertise in business transformation, AI strategy, cyber risk management, technology implementation and adoption. 

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.