Are you smarter than a fifth grader? At least three large-scale corporations have proven that they aren't this week in a string of cyber breaches, two of which were orchestrated by a group of teenagers. Hackers are often stereotyped as super-sophisticated geniuses working in a high-tech computer lab somewhere in a foreign country. However, Uber and gaming company Rockstar were hacked by a group of teens.
These teens didn't need a high-tech lab to pull off these data breaches; they just needed one powerful tool: social engineering.
Optus hack
Optus customers both past and present were enraged to find out that copious amounts of their sensitive data have been compromised in a data breach that occurred earlier this week. It is suspected that close to 10 million people's data has been compromised in the Optus hack attack.
The telecommunications giant admitted that licence, passport, credit card details and other highly sensitive information have been compromised in the attack. Optus are believed to have been threatened with a $1 million USD ransom to be paid through Monero, a cryptocurrency.
Uber hack
The global ride-sharing and food delivery company Uber revealed earlier this week that it had suffered a massive data breach. It is now thought that the notorious Lapsus$ group is behind the breach. The group aims to hack large tech companies and has been associated with hacks of companies including Microsoft, Nvidia, and Samsung.
Uber said that an external contractor had their account compromised; the company speculated that the hacker bought the person’s corporate password on the dark web.
Rockstar hack
Rockstar is the gaming developer responsible for the GTA series. The company also suffered a data breach during the week at the hands of Lapsus$. The hackers leaked footage from the highly anticipated GTA VI in what is being called "one of the biggest confidential data breaches in gaming history."
How did teenagers manage to hack these companies?
In a nutshell: social engineering. In both instances, hackers used dark web credentials to initially gain access. The attacker then used social engineering tactics on a contractor to get their credentials and get past their two-factor authentication. The hacker was then able to find admin credentials and security "break glass" accounts.
Uber said that they don’t believe any public-facing systems with sensitive customer data such as trip histories and credit card data were breached.
Is MFA fatigue to blame?
Multi factor authentication and two factor authentication fatigue is a new concept that security experts are discussing. Authentication fatigue is a form of social engineering where a hacker overwhelms a person with tens or even hundreds of authentication notifications when trying to access a protected account. The hope is that the person will get so frustrated or overwhelmed with the constant notifications that one will be accepted.
Multi factor authentication fatigue is believed to be a major factor in both the Uber and Rockstar data breaches.
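For defenders, the pattern described above is visible in authentication logs as a burst of denied or unanswered push prompts for one user, sometimes ending in an approval. The following is an added example, not code from Uber, Rockstar or Milnsbridge: a small detector run over constructed sample events. The event layout, the result names and the thresholds (5 prompts in 10 minutes) are assumptions to adapt to your own identity provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (timestamp, user, push result).
# The field layout and result names are assumptions for this example.
SAMPLE_EVENTS = (
    # One mistaken denial followed by a normal approval.
    [("2022-09-15T09:00:00", "alice", "denied"),
     ("2022-09-15T09:01:00", "alice", "approved")]
    # Six unanswered prompts, but an hour apart: not a burst.
    + [(f"2022-09-15T{h:02d}:00:00", "bob", "timeout") for h in range(10, 16)]
    # Six denied prompts in six minutes, then an approval.
    + [(f"2022-09-15T22:{m:02d}:00", "contractor1", "denied") for m in range(1, 7)]
    + [("2022-09-15T22:07:00", "contractor1", "approved")]
)


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return (user, timestamp, kind, count) alerts for MFA push bursts."""
    recent = defaultdict(deque)  # user -> times of pushes not approved
    alerts = []
    for ts_str, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        pending = recent[user]
        # Drop pushes that have aged out of the sliding window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if result == "approved":
            # An approval right after a burst is the high-severity case:
            # the user may have given in to the notifications.
            if len(pending) >= threshold:
                alerts.append((user, ts_str, "approved_after_burst", len(pending)))
            pending.clear()
        else:
            pending.append(ts)
            # Alert once, when the burst first reaches the threshold.
            if len(pending) == threshold:
                alerts.append((user, ts_str, "push_burst", len(pending)))
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An "approved_after_burst" alert is the one to treat as a likely account compromise: revoke the session and contact the user through a separate channel.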
How can a business prevent this?
As a business it is important to remember that hackers can be anyone from professionals to even teenagers. As a business it is also your priority to protect the sensitive data of your customers.
IT security is constantly changing so partnering with a security-focused MSP such as Milnsbridge IT is one way you can prevent data breaches. That way you have a team of experts who are up to date with the latest security threats and trends.
Data breaches not only result in massive reputation loss and downtime but can also result in fines through GDPR laws in Europe or the Notifiable Data Breach Scheme in Australia. Similarly, in the case of Optus, angry customers who now run the risk of identity theft may band together for a class action.
To speak to an expert about how an MSP can help protect your business, call Milnsbridge on 1300 300 293.