Identity Hack at Uber Illustrates the Power of Quickly Discovering Identities’ Unusual Activity
Updated: Oct 13
Activity-based identity risk detection is a visionary approach to more comprehensive protection – It’s part of ITDR that goes far beyond basic ITDR
Earlier last month, it was reported that a successful cyberattack impacted Uber. Since it appears this started via a simple phishing attack – someone sent an Uber employee a phishing email – let’s use this Uber attack as an opportunity to illustrate the ways in which such classic attacks are prevented in relation to ITDR:
Identify the Phishing Source: The first most basic level of defense against such a threat is an anti-phishing system that may have simply labeled the email to be a phishing email at the onset. That’s the first and most basic layer that is often used to fight these.
Identity the Location: The second step is more critical. Let’s assume it was missed and the email got through. The attacker made the employee type in their credentials, and they have successfully stolen those credentials. Now, activity based identity threat detection really shines because of the concept of geo fencing. By using geo fencing, organizations are far more likely to be alerted to the fact that someone OUTSIDE of the organization is now accessing assets (clearly, from a location where no one associated with the company is located).
Identify an Identity’s Unusual Activity: The third level also surrounds ITDR but includes a powerful added layer of much-needed visibility. This properly deployed ITDR solution (could be labeled ITDR+) would be able to detect that the activity of that “employee” is not in line with the usual activity associated with that specific employee. It’s no longer only about location, but about what an identity is DOING. It’s combining data that other traditional ITDR solutions and other piecemeal tools are not capable of using to discover the threat as easily.
An activity-based identity threat solution such as AuthMind (that goes beyond ITDR) can see that unauthorized users are accessing assets and flag it. It can identify that the cybercriminal didn’t just use the credentials to access the application he used to gain access to the network, but that the criminal was also using it to access other applications. AuthMind notices when users who are not actually authorized are trying to access certain assets. Both the identities and the assets are being accessed by the crook and that spells big trouble in most cases.
So, it’s clear from the above that there is a set of different levels of detection within the ITDR-labeled solutions. Some go far deeper than others. The beauty of going beyond ITDR to detect identity risks is the rapid noticing of the progression of the problem by noticing the hacker is going elsewhere around the network, based on their actual activity. That organization is going to pick up that it’s not really the user it looks like. Activity-based identity risk detection is the driving force that ultimately makes AuthMind a robust package.