Professional Documents
Culture Documents
Kishore OE
Kishore OE
Kishore OE
Presentation
on
Study of Cyber Attack on
Uber
Impact on uber.
Slide-2
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
INTRODUCTION TO CYBER SECURITY
Cyber security focuses on protecting computer systems from unauthorized access.
Cyber Security is a process that's designed to protect networks and devices from
external threats.
Cybercrime is a global problem that’s been dominating the news cycle. It poses a
threat to individual security and an even bigger threat to large international
companies, banks, and governments.
Today’s organized cybercrimes far out shadow lone hackers of the past now large
organized crime rings function like start-ups and often employ highly-trained
developers who are constantly innovating online attacks.
Slide-3
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
ABOUT THE CYBER ATTACK
Uber previously came under fire for covering up a data breach that occurred in
November 2016 that exposed the data of 57 million employees and users.
Uber has suffered a data breach after Teqtivity, a software company which
provides asset management and tracking service for Uber, was targeted in a
cyber attack.
Slide-4
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
PROBLEM FACED BY THE
UBER
Device information: Serial Number, Make, Models, Technical Specs
User Information: First Name, Last Name, Work Email Address, Work
Location details
Uber told Bleeping Computer that the source code leaked on the hacking
forum was created by Teqtivity to manage Uber's services, explaining the
many references to the ride-sharing company.
Slide-5
Following contact with the hackers, Sullivan attempted to pay them
$100,000 to sign a non-disclosure agreement which and eventually paid them
the sum in Bitcoin in December 2016, despite not knowing their true
identities.
In January 2017, Uber discovered their identities and the hackers signed a
new version of the original non-disclosure agreement which contained their
true names. Both hackers were prosecuted and pleaded guilty in October
2019 to charges of computer fraud conspiracy.
Slide-6
IMPACT ON UBER
First, they failed to monitor login attempts properly.
Uber doesn’t receive notifications if third-party tries to log into a business account
easy availability allows hackers to access sensitive information from other linked
third-party apps.
There was a possibility this attack was entity to gain access to sensitive information.
Slide-7
SOLUTION PROVIDED BY THE
UBER
Potentially compromised accounts were identified and blocked or required password
resets to regain access.
Many internal tools were disabled.
Access parameters were reset on many of Uber’s internal services via key rotations.
The company’s codebase was locked down, preventing any new code changes.
When Uber restored access to internal tools it required employees to reauthenticate
credentials.
Uber Covered Up Hack of Customer Data.
Cloud Security Monitoring
Security Controls
Slide-8