How a Teen Hacker Allegedly Managed to Breach Both Uber and Rockstar Games

Topline

Rockstar Games—the developers of the popular Grand Theft Auto series of video games—was hacked just days after ride-hailing giant Uber’s servers were targeted in a similar breach, purportedly by the same hacker who used a process called social engineering, a highly effective mode of attack that relies on deceiving employees of a targeted company and can be difficult to guard against.

Key Facts

Similar to the Uber hack, the hacker who goes by the alias “TeaPot” alleged he gained access to Rockstar Games’ internal messages on Slack and early code for their unannounced Grand Theft Auto sequel by gaining access to an employee’s login credentials.

While the exact details of the Rockstar breach are unclear, in Uber’s case the hacker claimed he masqueraded as a company IT person and convinced an employee to share their login credentials.

Unlike other modes of attacks that rely on flaws in a company’s security architecture, social engineering targets people and relies on manipulation and deception.

Experts have argued that humans still remain the “weakest link” in cybersecurity as they can be easily deceived into clicking on malicious links or sharing their login credentials.

Unlike other methods, social engineering is also effective in defeating certain enhanced security measures like one-time passwords and other multifactor authentication methods.

Crucial Quote

Rachel Tobac, the CEO of cybersecurity firm SocialProof Security and an expert on social engineering, tweeted: “The hard truth is that most [organizations] in the world could be hacked in the exact way Uber was just hacked…Many [organizations] still don’t use [Multi Factor Authentication] internally…& don’t use password managers (which leads to saving creds in easily searchable places once an intruder gets in).”

Key Background

Social engineering has been used to carry out several high-profile hacks in recent years, including the hijacking of more than 100 prominent Twitter accounts—among them Elon Musk, former President Barack Obama, Bill Gates and Kanye West—which were then used to promote a bitcoin scam. The hacks were carried out by teenagers who managed to gain access to Twitter’s internal networks by targeting “a small number of employees,” according to the social media company. Last month, both Cloudflare and Twilio were also targeted in a type of social engineering attack called “phishing,” where employees were tricked into opening a message that was disguised to appear as legitimate company communication but included a malicious link. Twilio, which provides messaging and two-factor authentication services, disclosed that the hackers had managed to breach the company’s internal databases and gained access to an undisclosed number of customer accounts. Cloudflare, an online content delivery network, noted the hackers were not able to access its internal network.

Contra

Unlike Twilio, Uber and Rockstar, which had their internal systems breached, Cloudflare managed to avoid this fate due to its use of hardware-based security keys. Unlike other multifactor authentication methods like text messages and one-time passwords, hardware security keys are much more secure against social engineering attacks. A targeted employee can be tricked into sharing the details of a text message or a one-time password but the hacker needs to gain physical possession of a hardware security key to gain access to an account. Hardware security keys come in various forms including USB sticks or Bluetooth dongles and they need to be plugged in or connected to a device that is trying to gain access to a protected account. Hackers who gain access to employee credentials will not be able to access their accounts that use this form of security without physically gaining access to their keys. In 2018, Google announced that none of its 85,000 employees had successfully been targeted through a phishing attack after it mandated the use of physical security keys a year earlier.

Big Number

323,972. That is the total number of complaints of social engineering attacks received by the FBI in 2021—almost three times higher than what it was in 2019—according to the agency’s annual Internet Crime Report. During this period, hackers managed to steal a total of $2.4 billion by compromising business email accounts through social engineering techniques.

What To Watch For

Bloomberg’s Jason Schreier speculated the recent hack may prompt Rockstar to tighten restrictions on remote work. Cybersecurity experts have previously argued that remote work may require more precautions as it leaves employees more vulnerable to social engineering attacks.

Further Reading

Uber Says It Is Responding To 'Cybersecurity Incident' After Internal Data Was Allegedly Stolen (Forbes)

Uber Hacker Claims To Have Hacked Rockstar Games, Releases GTA 6 Videos (Forbes)

FBI Probes Uber & GTA 6 Hacks, U.K. Teen Extortion Gang Leader Suspected (Forbes)

Source: https://www.forbes.com/sites/siladityaray/2022/09/20/social-engineering-how-a-teen-hacker-allegedly-managed-to-breach-both-uber-and-rockstar-games/