
Uber, LastPass, DoorDash, and more have all reportedly been recently affected by a breach on a vendor, which led to negative publicity for these companies. They are far from alone — in a recent BlueVoyant survey, 98% of executives surveyed said their organization was negatively impacted by a breach in their supply chain. Here is what you should know from the latest attacks and how to better protect your organization.
A supply chain attack can carry a huge number of implications for any organization. Digital supply chains are made up of the vendors, suppliers, and other third-parties that have network access. Enterprises are only as secure as their weakest third-party link and unfortunately, when this weakness is leveraged by cybercriminals, it can set off a domino effect of security risks with long-term negative impacts on the company finances, reputation, employee welfare and customer’s personal data.
Let’s take a look at Uber — the latest breach, the so-called “UberLeaks”, has allegedly exposed a large amount of company data, including IT asset information, and more than 70,000 employee email addresses. No customer data was reported to be stolen.
Attacks like this open the door to highly targeted spear phishing campaigns, which use the leaked information to send highly believable targeted emails and texts. These messages are designed to steal credentials, money, or other sensitive information. Phishing like this puts Uber and other similarly targeted organizations, plus their employees and stakeholders at greater risk.
This latest attack comes just months after Lapsus$ reportedly accessed the company’s internal network, which has the potential to erode the trust of its stakeholders and customers. According to BlueVoyant’s threat intelligence, Lapsus$ is a financially-motivated cyber criminal group that claimed responsibility for reported attacks on Okta, NVIDIA, Samsung, and others.
In that attack, the threat actors used social engineering to get around multi-factor authentication, or MFA. MFA uses multi pieces of information to access an account or system, such as a password and a code from an app. It increases cybersecurity, but was recently reportedly used to attack Uber and Rockstar Games.
Continue reading on the BlueVoyant blog.
Autor: Lorri Janssen-Anessi and Tom Huckle
Fachartikel

Wie Unternehmen den Kernproblemen des Modern Workplace begegnen können

Angriffe auf Unternehmensdaten: Zwei Drittel aller Endpoints sind betroffen

Wie Sie die Datensicherheitsanforderungen Ihrer Kunden erfüllen

Welche Rolle spielt ein CISO bei einem Cyberangriff?

Hosted in Germany: Warum die deutsche Cloud immer noch die sicherste Wahl ist
Studien

Studie zeigt: Verbraucher fordern mehr Kontrolle über ihre Daten ein

Das Digital Trust-Paradox: Wichtig, aber keine Priorität

NETSCOUT nGenius Enterprise Performance Management erzielt eine Investitionsrendite (ROI) von 234 %

Studie offenbart, wie sich deutsche CISOs gegen Cyber-Kriminelle wehren können

Neue Studie: 35 Prozent der befragten Unternehmen vernachlässigen die Sicherheit beim Datenaustausch
Whitepaper

Zero Friction: die Zukunft der Sicherheit

Bundesverband IT-Sicherheit e.V. (TeleTrusT) veröffentlicht Leitfaden „Cloud Supply Chain Security“

„Security by Design“: Zukunftsfähiges Konzept für Informationssicherheit und Datenschutz im Produktlebenszyklus

19. Deutscher IT-Sicherheitskongress eröffnet – BSI informiert über Chancen und Risiken von KI-Sprachmodellen
