Once again, humans have proved to be the weakest link in protecting against cyberattackers. Here are some tips for added cyber-vigilance

In September 2022, a cyberattacker created a form of deception that exploited human error to exfiltrate sensitive information from Slack messages and internal tools of Uber’s finance team. This type of cybercrime technique is called ‘social engineering’.

With Uber’s operations spanning all over the Asia Pacific region, successful social engineering attacks provider threat actors with useful data that they could exploit in combination with other sensitive data to improve their chances when attacking firms, partners, and financial service providers whose data had been breached.

In analyzing the Uber breach, Group-IB has found that the threat actor bought compromised credentials of Uber employees days before the social engineering infiltrated the company’s system. Depending on the level of access that the threat actors can achieve, such a breach could lead to malicious code embedded into future services via ‘code commits’ from the developing environment of an affected company.

Threat intelligence solutions

To address these cyberattacks, firms need to employ threat intelligence solutions to be kept apprised when any network and sensitive information linked to them are being sold on the Dark Web. Also:

    • Contractors in the supply chain (even in software development) should be included in corporate security management, especially in identity access management and anomaly detection
    • Business partners of linked organizations are encouraged to alert finance and human resource departments on possible cyberattacks and social engineering threats.
    • Customers also need to be vigilant and alert any firm they have dealings with, of any possible social engineering scams via chat messaging services, phishing emails or even trending news and topics of discussion online.
    • Businesses need to conduct regular social engineering penetration tests and drills to battle evolving social engineering tactics. Penetration tests are like fire drills or simulated bomb threats where a simulated cyberattack will be lodged against a computer system to check exploitable vulnerability.

It is not a secret that humans are still the weakest link in cybersecurity matters. Threat actors will continue to conduct more social engineering, which highlights the importance of building cyber awareness within organizations and training personnel regularly.