1
Cyber Security Questions
Student’s Name
Institutional Affiliation
Professor’s Name
Course Code
Date
, 2
Cyber Security Questions
Question One
Following rumors that a hacker had infiltrated its internal network, Uber announced that
it was reacting to a cybersecurity incident. According to Ijlal (2022), the hacker utilized social
engineering to gain access to a personnel's Slack account and got them to produce a passcode
that granted them entry to Uber's computer systems. On a network file share, the hacker found
high-privileged passcodes that they used to get access to all systems, including operational ones.
He is also thought to have acquired access to the Uber cloud services, where the company stores
its source code and user information.
The Uber incident demonstrates that multi-factor authentication is not a failsafe and that
alarmingly successful MFA fatigue tactics, whereby a user spams MFA messages until he is
allowed the action, are possible (Ijlal, 2022). Additionally, it teaches businesses to spend more
money on social engineering assessments and, if they don't already have them, to include them in
their bug bounty schemes. MFA number matching, which essentially renders social engineering
threats much more challenging by providing a code on the user's screen and requiring them to
type that code into an app on their verified device, is what I would advise. The notion is that,
similar to a security key, the attacker would require both the target's credentials and their
confirmed device.
Question Two
Lakshmanan (2022) mentions a new social engineering initiative by hackers associated
with the Iranian government has targeted experts in nuclear security, genome research, and
Middle Eastern affairs in an attempt to obtain sensitive data. It begins with a phishing email that
pretends to be from a legitimate employee of a Western group that studies foreign affairs and is
Cyber Security Questions
Student’s Name
Institutional Affiliation
Professor’s Name
Course Code
Date
, 2
Cyber Security Questions
Question One
Following rumors that a hacker had infiltrated its internal network, Uber announced that
it was reacting to a cybersecurity incident. According to Ijlal (2022), the hacker utilized social
engineering to gain access to a personnel's Slack account and got them to produce a passcode
that granted them entry to Uber's computer systems. On a network file share, the hacker found
high-privileged passcodes that they used to get access to all systems, including operational ones.
He is also thought to have acquired access to the Uber cloud services, where the company stores
its source code and user information.
The Uber incident demonstrates that multi-factor authentication is not a failsafe and that
alarmingly successful MFA fatigue tactics, whereby a user spams MFA messages until he is
allowed the action, are possible (Ijlal, 2022). Additionally, it teaches businesses to spend more
money on social engineering assessments and, if they don't already have them, to include them in
their bug bounty schemes. MFA number matching, which essentially renders social engineering
threats much more challenging by providing a code on the user's screen and requiring them to
type that code into an app on their verified device, is what I would advise. The notion is that,
similar to a security key, the attacker would require both the target's credentials and their
confirmed device.
Question Two
Lakshmanan (2022) mentions a new social engineering initiative by hackers associated
with the Iranian government has targeted experts in nuclear security, genome research, and
Middle Eastern affairs in an attempt to obtain sensitive data. It begins with a phishing email that
pretends to be from a legitimate employee of a Western group that studies foreign affairs and is
