“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager
Simon Darley
Trusted by industry leaders

Let's Talk

Call us on one of the numbers below, we cover the whole of the UK, so call the nearest office.

BriSTOL HQ & The South West

London & Surrounding Areas

Manchester & the North

“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager
Simon Darley
Trusted by industry leaders

Request a Call-back.

First we need a few details.

Contact Form Primary popup

Keep up to date with the experts

Get insights direct to your email inbox

NEWSLETTER - Exit Intent

Follow us on social

“We needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.”

IT Operations Manager
Simon Darley
Trusted by industry leaders

Request a Call

First we need a few details.

Contact Form Primary popup w/ Captcha
Expert Intel

The Uber & Rockstar Hacks - Why there is no magic bullet.

Published: October 8, 2022
Updated: May 29, 2024
Expert: Ben E
Role: SOC Analyst
Specialises in: Threat intelligence
What you will learn:
Why MFA isn't the magic bullet we're all looking for.
With 323,972 social engineering attacks reported to the FBI between 2017-2021, it shouldn’t come as a huge surprise that a big juicy target like Uber & Rockstar were hit.

Let’s get straight to it – companies have been sold the idea that MFA is a magic bullet to prevent data breaches, it isn’t. It is simply a deterrent.

Social engineering is known to be a very effective way to bypass MFA (Multi-Factor authentication). Most commonly, through MFA fatigue or pretending to be from the I.T department… With 323,972 social engineering attacks reported to the FBI between 2017-2021, it shouldn’t come as a huge surprise that a big juicy target like Uber & Rockstar were hit. Realistically, this number will increase dramatically, year after year.

Humans will always be the weakest link. You can be locked up like a fortress, but all it takes is a single clever attacker or an over-worked employee who is tired, for the attack to be successful. People naturally are less aware when their busy working, or if untrained, they aren’t equipped to spot the right signs of an MFA fatigue attack.

What is MFA fatigue?

An MFA Fatigue attack is when a malicious threat actor runs a script repeatedly, attempting to log in with stolen credentials again and again. This creates (what feels like) an endless stream of MFA push notifications, to be sent to the account owner’s device.

Their intention? To break down the target’s cyber security posture and inflict fatigue via the MFA prompts.

Training a user to report MFA prompts that they haven’t requested is pivotal in keeping your network secure. It should be best practice to teach all employees to ask questions like, “Why would I.T call me about this? Is this normal?”.

The Rockstar Attack.

With regards to the impersonation attack for Rockstar, people think this should be difficult to pull off in a big organisation, that is quite the opposite in my opinion. Smaller businesses know their employees. They know Dave from IT and they know that there is no John from IT. They know company practices and because work interrelationships are stronger, workers are more inclined to raise a concern when they have it.

In larger organisations, however, these can be lost. “I’ve never spoken to anyone in IT before, so John must work here…” – They don’t know what standard procedure is within IT departments and that’s likely because it’s not a part of their day-to-day job.

So what can you do?

  • A good defence against this type of attack would be to implement MFA with physical security keys. This adds an additional obstacle to attackers as they need the physical keys to access resources, even if they manage to trick a user.
  • A zero-trust model could have possibly slowed the attacker down once they gained initial access. This model is designed to limit access so that people do not have more privilege/access than they need. This would have made lateral movement more difficult for the attacker.

Questions IT departments need to be asking.

  • Are we prepared for insider attacks. Do we know how to respond and contain this type of incident?
  • How is our network segregated and do we have multiple, vital systems on the same subnets where a hacker would be to traverse them?

Immediate take-aways.

  • Assume no one is safe, that you’ll be breached eventually and plan accordingly.
  • Zero trust and rule of least privilege should be exercised wherever possible.
  • Invest in your employees. They can be an extremely effective defence against attacks if they are properly trained.
  • Teach employees how to report unwanted MFA prompts and suspicious phone calls – make it best practice.

My thoughts? Uber & Rockstar shouldn’t be condemned outright for this attack – unfortunately it’s true that most companies, big & small, could have fallen victim to this attack, and you’re only as strong as your weakest link…

Our latest expert Intel

  • July 18, 2024
    Read full article
  • June 20, 2024
    Read full article
  • June 13, 2024
    Read full article
  • Obtaining actionable data from M365 Defender for Endpoint using KQL background
    May 29, 2024
    Read full article
  • May 29, 2024
    Read full article
  • May 29, 2024
    Read full article
  • Gootkit
    May 29, 2024
    Read full article
  • May 29, 2024
    Read full article
  • Malvertising
    May 29, 2024
    Read full article
  • Microsoft Ignite
    May 29, 2024
    Read full article
  • keys
    May 29, 2024
    Read full article
  • May 29, 2024
    Read full article