
Uber, LastPass, DoorDash, and more have all reportedly been recently affected by a breach on a vendor, which led to negative publicity for these companies. They are far from alone — in a recent BlueVoyant survey, 98% of executives surveyed said their organization was negatively impacted by a breach in their supply chain. Here is what you should know from the latest attacks and how to better protect your organization.
A supply chain attack can carry a huge number of implications for any organization. Digital supply chains are made up of the vendors, suppliers, and other third-parties that have network access. Enterprises are only as secure as their weakest third-party link and unfortunately, when this weakness is leveraged by cybercriminals, it can set off a domino effect of security risks with long-term negative impacts on the company finances, reputation, employee welfare and customer’s personal data.
Let’s take a look at Uber — the latest breach, the so-called “UberLeaks”, has allegedly exposed a large amount of company data, including IT asset information, and more than 70,000 employee email addresses. No customer data was reported to be stolen.
Attacks like this open the door to highly targeted spear phishing campaigns, which use the leaked information to send highly believable targeted emails and texts. These messages are designed to steal credentials, money, or other sensitive information. Phishing like this puts Uber and other similarly targeted organizations, plus their employees and stakeholders at greater risk.
This latest attack comes just months after Lapsus$ reportedly accessed the company’s internal network, which has the potential to erode the trust of its stakeholders and customers. According to BlueVoyant’s threat intelligence, Lapsus$ is a financially-motivated cyber criminal group that claimed responsibility for reported attacks on Okta, NVIDIA, Samsung, and others.
In that attack, the threat actors used social engineering to get around multi-factor authentication, or MFA. MFA uses multi pieces of information to access an account or system, such as a password and a code from an app. It increases cybersecurity, but was recently reportedly used to attack Uber and Rockstar Games.
Continue reading on the BlueVoyant blog.
Autor: Lorri Janssen-Anessi and Tom Huckle
Fachartikel

Privilegierte Zugriffe im Fokus: Warum CIOs jetzt auf Privileged Access Management (PAM) setzen müssen

Neue Cyber-Bedrohung „Hazy Hawk“ kapert Subdomains – Gefahr auch für Ihr Unternehmen?

400.000 DMARC-Boost nach Microsofts Update für Absender mit hohem Volumen

Ausgewogenes Verhältnis zwischen Notfallwiederherstellung, Backup-Systemen und Sicherheit

Über 100 schädliche Chrome-Erweiterungen entdeckt – getarnt als KI-Tools, VPNs und Krypto-Helfer
Studien

Unternehmen blockieren zunehmend GenAI-Tools – DNSFilter-Studie zeigt wachsende Sicherheitsbedenken

Weltweite Investitionen in Quantencomputing nehmen branchenübergreifend zu

Princeton-Forscher warnen vor fatalen KI-Angriffen im Web3-Umfeld

Führungskräfte ohne KI-Wissen? Gartner-Umfrage offenbart Sorgen der CEOs

Schweigen über KI-Erfolge: Was eine neue Ivanti-Studie offenbart
Whitepaper

Neuer Leitfaden zur Sicherung von KI-Daten veröffentlicht

Russische Cyberangriffe auf westliche Logistik: Deutsche Behörden warnen vor GRU-Einheit 26165

BEC- und FTF-Angriffe – keine andere Cyberbedrohung hat 2024 für mehr Schaden gesorgt

100 Tage bis zum Inkrafttreten des Data Act: Deutsche Unternehmen kaum vorbereitet

Weltweiter Sicherheitslagebericht zeigt dringenden Handlungsbedarf: Vernetzte Prozesse als Schlüssel
Hamsterrad-Rebell

Insider – die verdrängte Gefahr

Sicherer SAP-Entwicklungsprozess: Onapsis Control schützt vor Risiken

Das CTEM-Framework navigieren: Warum klassisches Schwachstellenmanagement nicht mehr ausreicht

Cybersicherheit im Mittelstand: Kostenfreie Hilfe für Unternehmen
