‘These attacks are going to continue': Qantas cyber breach impacts six million
'This is an adversary we track very closely, they are a group of young people globally distributed, but mostly in Western countries,' Mr Winterford told Sky News Australia.
'I think organisations need to assume these attacks are going to continue."
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Sky News AU
3 hours ago
- Sky News AU
'These attacks are going to continue': Cyber threat expert issues ominous warning after millions of Qantas customers hit in cyberattack
A leading cyber threat expert has warned organisations data breaches will continue after Qantas was targeted in a major cyberattack last week. About six million Qantas customers had their personal details stolen in the cyberattack. The airline's CEO Vanessa Hudson sent an email to all customers, not just those impacted, noting that some travellers' names, email addresses, dates of birth and Frequent Flyer numbers were taken in the hack. However, no credit card details, personal financial information or passport details were accessed while Frequent Flyer accounts along with passwords, PIN numbers and log in details were also uncompromised. Okta Global Head of Threat Intelligence Brett Winterford said the group behind the cyber attack on Australia's national airline was a known adversary, his organisation tracks 'very closely'. 'They are a group of young people, globally distributed, but mostly in western countries,' he told Sky News on Sunday. Mr Winterford described the cyber attackers as 'social engineering specialists' who cunningly acquire information to assist them in breaching the sensitive information of millions of people. 'They tend to call the IT help desk of a targeted organisation, someone that they want to breach, and they will pretend to be a very senior executive in that organisation and ask for something as simple as their password to be reset,' he said. Once access to the account is gained, the hacker moves 'laterally' to access the system and data they need to perform an extortion event or deploy ransomware. 'This is something we've seen at scale over three or four years now, among our global customers, very interesting to see this happening in Australia now,' Mr Winterford said. Mr Winterford said the individuals were 'loosely affiliated' without a hierarchy or structure, instead they communicate on online forums and 'one-up' each other in their capacity to disrupt and debilitate companies through their cyberattacks. 'They share a lot of resources with each other and when any of these attackers have success against one particular organisation, like aviation, there tends to be a bit of a pile-on effect where the rest of the individuals will try to one up their colleagues,' he said. 'We've seen them do this against gaming companies a few years ago. They recently had a spate of attacks against UK retailers, US insurers, now aviation.' The cyber threat intelligence expert said there were a 'large number' of these individuals, and about half a dozen had been arrested, but it takes time for law enforcement to get their 'arms around them'. 'I think organisations need to assume these attacks are going to continue,' he said. Mr Winterford said his own organisation, which is leading identity platform globally, had also been targeted by similar cyber groups and strived to adapt and quickly identify attacks. 'If you're a Qantas customer the most important thing to do is to remain vigilant at the moment,' he said. 'You need to be making sure that anytime you sign into a Qantas property that it is Mr Winterford said as customers and users of Qantas' services did not have much 'agency' over the stolen details which could not be easily changed, the onus was on the airline to ensure users were protected. Qantas first detected unusual activity on a third-party platform used by an airline contact centre on Monday. The airline said it took "immediate steps and contained the system" and assured customers all of the airline's systems remained secure. An investigation into the cyber incident is ongoing, and additional security measures are also being put in place to "further restrict access and strengthen system monitoring and detection".
West Australian
12 hours ago
- West Australian
‘Disappointing, frustrating': How Qantas data breach exposes deep flaws in Australia's cyber defences
The cyberattack targeting the personal data of customers with Qantas is the latest in a string of breaches affecting millions of Australians, as hackers target major companies and exploit weak spots in the systems they rely on. The breach, detected by the Flying Kangaroo on June 30, originated from a third-party customer servicing platform used by one of the airline's contact centres. Cybersecurity experts said the breach is part of a much broader problem - and corporate Australia is falling short. Dr Hammond Pearce, a lecturer in computer science and engineering at UNSW, told NewsWire the embarrassing incident at Qantas highlights a dangerous complacency among major companies. 'It's disappointing and frustrating that a company of this size and means, one which has tremendous importance to everyday Australians, is unable to safeguard our data,' Dr Hammond said. Although contained, the latest attack may have compromised names, phone numbers, email addresses, dates of birth, and frequent flyer numbers. Credit card details, passports, and login credentials were not affected. The suspected culprits are the cybercrime group Scattered Spider, known for targeting large organisations through helpdesk systems operated by third-party platforms, often using sophisticated social engineering techniques. The breach comes amid a significant surge in cyberattacks across Australian sectors. In April this year, thousands of AustralianSuper and Rest members were affected by 'credential stuffing' attacks, where hackers used stolen login details from past breaches to access accounts. The attackers siphoned off $500,000 from just four accounts. The Australian Signals Directorate, a Federal Government intelligence agency, responded to over 1100 cyber security incidents and 36,700 hotline calls in 2023–24, a 12 per cent jump on the previous year. Data breach notifications spiked 15 per cent in the second half of 2024. Healthcare remains the most targeted industry, with 102 reported breaches in the latter half of last year. Financial institutions and manufacturers are also under siege, with attackers exploiting stolen credentials, ransomware, and legacy technologies to halt operations or access sensitive information. Dr Hammond said it's becoming clear that large datasets of personal information, like names, birth dates, and phone numbers, should be 'treated as liabilities, not assets.' 'In Australia, as in many countries, the mass collection and retention of data is usually encouraged from a business point of view. 'Only the government has the abilities to bring in privacy-first rules which can motivate changes to this practice,' he said, urging regulatory reform to force companies to treat personal data with the seriousness it deserves. He warned that the accumulation of personal data is not only a risk in itself but a direct path to further harm. 'There is the very real potential for down-stream attacks whereby the stolen data is used for scams and other schemes; they might reach out to you pretending to be someone they are not,' he said. Dr Hammond said that while Qantas acted appropriately after discovering the breach, its overall cybersecurity posture was 'insufficient' — a pattern seen repeatedly across Australian organisations. 'Qantas is not alone in this regard, it is just the latest in a long string of companies which have had data breaches, and it is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. The Qantas breach follows a rising number of incidents linked to third-party vendors. Experts say supply chain vulnerabilities now account for the majority of data breaches in Australia, and organisations must hold external providers to the same high cybersecurity standards as internal systems. Stephen Kho, cybersecurity expert at Avast, told Newswire that businesses must go beyond simply defending against threats and start preparing. 'Businesses, no matter their size, need to accept that cyberattacks are no longer a matter of 'if', but 'when'. That means shifting from a purely defensive mindset to one of preparation and resilience,' Mr Kho said. While AI was not involved in the Qantas incident, cybersecurity professionals are increasingly warning that artificial intelligence will supercharge future threats. Scammers are now using AI to craft phishing messages, mimic voices, and even create deepfakes to deceive victims. As the technology advances, impersonation attacks and targeted scams are becoming harder to detect and more damaging. Mr Kho said prevention is still the best defence against increasingly sophisticated attacks, and he has advice for both the public and businesses. He recommends using a password manager to generate strong, unique logins for every account, keeping devices and apps updated to patch known vulnerabilities, and staying alert to anything that seems suspicious. 'A healthy dose of scepticism online is one of the best defences you have,' he said. Mr Kho also urges people to act quickly if something seems off, such as receiving unexpected verification codes, password reset emails, or strange messages from friends, as these may be signs an account has been compromised. If caught up in a breach, he advises updating sensitive passwords, monitoring bank statements, and watching out for phishing scams impersonating trusted brands like Qantas. 'The goal is to contain the damage before it escalates,' he said. For businesses, he urges companies to invest in secure infrastructure, regularly patch software, educate staff, and prepare a clear incident response plan if a breach occurs. 'How quickly and transparently a business responds can have a huge impact on how customers perceive and trust the brand afterwards.' The federal government has pledged up to $20 billion by 2033 to strengthen Australia's cyber defences and has launched awareness campaigns like 'Stop. Check. Protect.' to help Australians recognise and avoid online scams. But Dr Hammond argues that meaningful progress requires more than public awareness — it demands a systemic overhaul. 'It is fast becoming time for a proper regulatory overhaul to require that these companies treat our data with the concern that it deserves,' he said. Until then, Australians are being urged to take their own precautions, because as the Qantas breach makes clear, even the biggest and most trusted companies are far from immune.
Sky News AU
14 hours ago
- Sky News AU
‘These attacks are going to continue': Qantas cyber breach impacts six million
Okta Global Head of Threat Intelligence Brett Winterford has warned organisations data breaches are 'going to continue' after Qantas was targeted in a major cyberattack last week. 'This is an adversary we track very closely, they are a group of young people globally distributed, but mostly in Western countries,' Mr Winterford told Sky News Australia. 'I think organisations need to assume these attacks are going to continue."
