
NEWS

 

September 16, 2022 – The Cyber Security Association of Pennsylvania has issued a recommendation for users of popular ride share service Uber to update their user credentials.

Uber has announced that they are investigating a wide-reaching security breach that began when an employee responded with their user credentials to a text message from a person impersonating IT support.

This gave the impersonator access to Uber's systems, which, according to screenshots surfacing online, include the employee Slack (communications) tool and Uber's cloud services on Amazon Web Services (AWS) and Google Cloud (and likely others). Shortly before Uber’s Slack system was taken offline, Uber employees received a message that read “I announce I am a hacker and Uber has suffered a data breach.”

The impersonator has also gained access to Uber's HackerOne account, which is used by the cyber security community (Ethical - The Good Guys) to report other security vulnerabilities in the platform. Access to this system now gives the impersonator visibility into reported unpatched zero-days and other security-related communication.

So, this is a very severe breach, and the level of access this cyber criminal was able to gain from a single person's account is cause for concern.

From what I have read, Uber has not acknowledged whether their payment systems, user accounts, or passwords were also breached, but it is very possible based on what I am seeing has already been acknowledged, as outlined above. Uber likely has strong encryption practices in place to protect your payment information and passwords, but even encrypted data poses a risk of being decrypted.

What do you do?


Due to the ability of the cyber criminal to browse multiple aspects of the Uber systems, the Cyber Security Association of Pennsylvania advises all users to log into Uber and update their passwords. If you are using the same password for multiple platforms, you should update those as well with different passwords.

Be aware of text messages and emails coming from Uber - and others.  Bottom line, never share your password.

Over the next couple of weeks, watch your credit cards, and any other accounts that used that same password (there should be none), for unusual activity.

Finally, let Uber run the investigation – they (or the cyber criminal) are the best sources of actual facts at the moment.

NortonLifeLock Inc. has recently updated its popular Norton360 antivirus product to include a new cryptocurrency mining component. The cloud-based service, which is now part of the application, allows customers to profit from the scheme, while Norton takes a 15% portion of any Ethereum mined.

While the feature is described as opt-in, numerous users are complaining that the component was auto-enabled and, worse, is difficult to remove once installed.

The Cyber Security Association of Pennsylvania is publishing this alert because trusted antivirus applications should be there to protect users against threats, including unwanted crypto miners.

Norton Crypto will increase energy consumption on the systems where it is enabled, as well as worldwide, costing consumers and businesses more in electricity use than they will likely see from the mining profits.

Scott Davis, President of the Cyber Security Association of Pennsylvania, stated that “If you are using Norton360 you want to ensure that Norton Crypto is disabled and remove the NCrypt.exe file that is created to perform the mining.” Mr. Davis added, “If you are using Norton360 as your antivirus vendor you should consider moving to another vendor for your antivirus software.”

If you are not sure what antivirus vendor you are using, consult with your trusted IT department or vendor today.
