
UBER HACK 2022

Q1. What is the target?


Ans1. An attempt was made to socially engineer Uber employees, which resulted in access
to a VPN and, ultimately, to the company's internal network. AWS, GCP, Google Drive, Slack
workspace, SentinelOne, HackerOne admin console, Uber's internal employee dashboards,
and a few code repositories were among the services and internal tools the attacker was
able to access and control using admin access.
Q2. Who is the threat? Or what kind of source of threat existed?
Ans2. There was a campaign through which the unknown attackers got into their network.
The source of the threat was online chat, and the medium was the employees.
Q3. Describe the vulnerabilities in the selected scenario.
Ans3. Poorly configured and outdated firewall rules. If the firewall had been configured well,
the employees would not have allowed the attackers to enter the network.
Q4. What kind of loss happened?
Ans4. Importantly, the Privileged Access Management (PAM) platform used by Uber had its
admin credentials exposed, which made it vulnerable. The collection of tools and
technologies known as privileged access management (PAM) is used to secure, restrict, and
monitor employee access to a company's vital data and resources. Considering this, it's
possible that the attacker had access to almost all of Uber's internal systems.
Q5. What kind of safeguards could have been employed?

• Increase network security by moving the data center location.
• Do not give employees permission to get into the network.
• Improve the firewall settings.
