Malicious attacks of this magnitude illustrate the need for businesses to extend their focus beyond just password best practices.
Uber’s internal systems have been breached and many of the company’s vulnerability reports were stolen. The malicious attacker shared screenshots of what appears to be full access to many critical Uber IT systems, including the company’s Windows domain and security software.
The hacker also accessed the company’s Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server, to which the hacker posted messages.
The New York Times, which first reported on the breach, said the attacker breached Uber after performing a social engineering attack on an employee and stealing their password. The attacker then gained access to the company’s internal systems using the stolen credentials.
Looking into this issue for Digital Journal is Keith Neilson, Technical Evangelist at CloudSphere.
Neilson opens by explaining why a firm like Uber presents a prime target for criminal cyber-gangs: “High-profile enterprises entrusted with large volumes of sensitive customer data have a responsibility to establish strict guardrails around access management. For organizations today, basic password protection just isn’t enough to ensure proper identity access management and security of all cyber assets.”
There are consequences here for the business community to consider and act on, says Neilson: “Malicious attacks of this magnitude illustrate the need for businesses to extend their focus beyond just password best practices – they must prioritize secure access and next-generation authentication. Developing new and improved alternatives to password management begins with the implementation of a robust cyber asset management strategy.”
However, simply taking action can go awry if the action is inappropriate. This means special levels of security. Here Neilson states: “In the context of this incident, the most important thing to consider is that companies have no way of remediating what they cannot see. Given the multi-layer implications between data, assets, applications, and users, companies can only begin to enforce identity and password management policies when they secure full visibility of their attack surface.”
As to how this translates into measurable effect, Neilson opines: “Hence, the first step to an effective cyber asset management strategy is taking inventory of all cyber assets hosted within the company’s IT estate. Once all assets are accounted for, enterprises can adopt and enforce more advanced authentication methods and security guardrails. Without this integration, passwords will continue to be used as a fallback, leaving valuable data vulnerable to attacks.”
Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.