What Uber’s data breach reveals about social engineering

by | Sep 16, 2022 | Technology

Few techniques are as popular among cybercriminals as social engineering. Research shows that IT staff receive an average of 40 targeted phishing attacks a year, and many organizations are struggling to intercept them before it’s too late. 

Just yesterday, Uber was added to the long list of companies defeated by social engineering after an attacker managed to gain access to the organization’s internal IT systems, email dashboard, Slack server, endpoints, Windows domain and Amazon Web Services console. 

The New York Times [subscription required] reported that an 18-year-old hacker sent an SMS message to an Uber employee impersonating support staff to trick them into handing over their password. The hacker then used it to take control of the individual’s Slack account, before later gaining access to other critical systems. 

The data breach sheds light on the effectiveness of social engineering techniques and suggests that enterprises should reevaluate reliance on multifactor authentication (MFA) to secure their employees’ online accounts. 

Social engineering: the low-barrier way to hack  

In many ways, the Uber data breach further illustrates the problem of relying on password-based authentication to control access to online accounts. Passwords are easy to steal with brute-force hacks and social engineering scams, and they provide a convenient entry point for attackers to exploit. 

At the same time, no matter how good a company’s defenses are, if they’re relying on passwords to secure online accounts, it only takes one employee to share their login credentials for a breach to take place. 

“Uber is the latest in a string of social engineering attack victims. Employees are only human, and eventually, mistakes with dire consequences will be made,” said Arti Raman, CEO and founder of Titaniam. “As this incident proved, despite security protocols in place, information can be accessed using privileged credentials, allowing hackers to steal underlying data and share them with the world.”

While measures like turning on multifactor authentication can help to reduce the likelihood of account takeover attempts, they won’t fully prevent them.

Rethinking account security 

Generally, user awareness is an organization’s best defense against social engi …
