Behind the Hack: Breaking down the break-ins at Uber and Rockstar

November 8, 2022

Targets: Uber and Rockstar Games
Date of attacks: September 2022
 
Quick take: In September 2022, Uber and Rockstar Games were hit with cyberattacks over the span of just a few days. The same hacker claimed responsibility for both attacks, which Uber believes were launched by the cybercriminal syndicate Lapsus$. According to Uber, the attacker “downloaded some internal Slack messages, as well as accessed or downloaded information from an internal tool our finance team uses to manage some invoices.” The attacker also accessed a dashboard where security researchers report bugs and vulnerabilities. 
While Uber was forced to take some internal software tools offline, the initial impact of the Rockstar hack appears to have been more significant. The breach led to the release of 90 videos comprising 50 minutes of in-development gameplay footage for Grand Theft Auto VI. The hacker claims to have stolen the source code for Grand Theft Auto V and VI, which is now being held for ransom. Lapsus$ is suspected of launching this attack as well.
Why it matters: In both cyberattacks, the perpetrator used company Slack channels to gain access to sensitive information and materials. The videos that were stolen from Rockstar were posted on Slack, where the hacker simply downloaded them. After gaining access to a contractor’s Uber account, the hacker “accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack.” The hacker also posted a message on Uber’s company-wide Slack channel. 
Uber suspects that the hacker purchased the contractor’s password on the dark web and repeatedly tried logging into the account. After denying several two-factor login requests, the contractor eventually approved one, giving the attacker access. From the heavy reliance on social engineering to the exploitation of a third-party contractor, the attacks on Uber and Rockstar are two more case studies demonstrating that cyber-awareness in your workforce (and among your partners) is only becoming more important.
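
The login pattern described above (several rejected two-factor prompts, then one approval) is something a security team can alert on. The following is an added example, not code from Uber or NINJIO; the log format, user names, timestamps and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real data): time, user, outcome.
SAMPLE_LOG = """\
2022-09-01T01:02:10 contractor1 denied
2022-09-01T01:03:45 contractor1 denied
2022-09-01T01:05:02 contractor1 timeout
2022-09-01T01:06:30 contractor1 denied
2022-09-01T01:09:12 contractor1 approved
2022-09-01T08:30:00 alice denied
2022-09-01T08:31:00 alice approved
2022-09-01T09:00:00 bob approved
"""

def parse(log):
    """Yield (timestamp, user, outcome) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if line.strip():
            ts, user, outcome = line.split()
            yield datetime.fromisoformat(ts), user, outcome

def detect_push_fatigue(events, min_rejected=3, window=timedelta(minutes=15)):
    """Return alerts for bursts of rejected prompts and approvals that follow them."""
    rejected = defaultdict(deque)   # user -> times of recent denied/timed-out prompts
    alerts = []
    for ts, user, outcome in sorted(events):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget prompts older than the window
        if outcome in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == min_rejected:
                # Early warning: raised once, when the threshold is first reached.
                alerts.append(("burst", user, ts, len(recent)))
        elif outcome == "approved":
            if len(recent) >= min_rejected:
                # Highest priority: an approval right after a run of rejections.
                alerts.append(("approved_after_burst", user, ts, len(recent)))
            recent.clear()          # a new sequence starts after any approval
    return alerts

if __name__ == "__main__":
    for kind, user, ts, count in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user}: {kind} ({count} rejected prompts in window)")
```

The "burst" alert fires before any approval happens, which is the point at which the account's password should already be treated as compromised and reset.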
We’ve got a hack for that: NINJIO episodes have covered a range of issues that are directly relevant to the attacks on Uber and Rockstar. For example, one recent episode – “Sleuth or Consequences” (season 7, episode 10) – addresses credential theft, incident reporting, and multi-factor authentication fatigue. The cybercriminals who attacked Uber accessed the contractor’s account with a stolen password and sent so many authentication requests that the victim finally gave in. This incident should have been reported when the contractor received the first fraudulent message. The role of Slack in both breaches is a reminder that employees should be careful about what they share – even in communication channels they believe are internal and secure.
When employees and partners learn how to take proactive cybersecurity measures, the likelihood of breaches like the ones that hit Uber and Rockstar will be significantly diminished.