Latest news with #Winterford

Sky News AU
11 hours ago
'These attacks are going to continue': Cyber threat expert issues ominous warning after millions of Qantas customers hit in cyberattack
A leading cyber threat expert has warned organisations that data breaches will continue after Qantas was targeted in a major cyberattack last week.

About six million Qantas customers had their personal details stolen in the cyberattack. The airline's CEO Vanessa Hudson sent an email to all customers, not just those impacted, noting that some travellers' names, email addresses, dates of birth and Frequent Flyer numbers were taken in the hack. However, no credit card details, personal financial information or passport details were accessed, while Frequent Flyer accounts along with passwords, PIN numbers and login details were also uncompromised.

Okta Global Head of Threat Intelligence Brett Winterford said the group behind the cyber attack on Australia's national airline was a known adversary his organisation tracks 'very closely'. 'They are a group of young people, globally distributed, but mostly in western countries,' he told Sky News on Sunday.

Mr Winterford described the cyber attackers as 'social engineering specialists' who cunningly acquire information to assist them in breaching the sensitive information of millions of people. 'They tend to call the IT help desk of a targeted organisation, someone that they want to breach, and they will pretend to be a very senior executive in that organisation and ask for something as simple as their password to be reset,' he said. Once access to the account is gained, the hacker moves 'laterally' to access the system and data they need to perform an extortion event or deploy ransomware.

'This is something we've seen at scale over three or four years now, among our global customers, very interesting to see this happening in Australia now,' Mr Winterford said.

Mr Winterford said the individuals were 'loosely affiliated' without a hierarchy or structure; instead, they communicate on online forums and 'one-up' each other in their capacity to disrupt and debilitate companies through their cyberattacks. 'They share a lot of resources with each other and when any of these attackers have success against one particular organisation, like aviation, there tends to be a bit of a pile-on effect where the rest of the individuals will try to one up their colleagues,' he said. 'We've seen them do this against gaming companies a few years ago. They recently had a spate of attacks against UK retailers, US insurers, now aviation.'

The cyber threat intelligence expert said there were a 'large number' of these individuals, and about half a dozen had been arrested, but it takes time for law enforcement to get their 'arms around them'. 'I think organisations need to assume these attacks are going to continue,' he said.

Mr Winterford said his own organisation, which is a leading identity platform globally, had also been targeted by similar cyber groups and strived to adapt and quickly identify attacks.

'If you're a Qantas customer the most important thing to do is to remain vigilant at the moment,' he said. 'You need to be making sure that anytime you sign into a Qantas property that it is

Mr Winterford said that as customers and users of Qantas' services did not have much 'agency' over the stolen details, which could not be easily changed, the onus was on the airline to ensure users were protected.

Qantas first detected unusual activity on a third-party platform used by an airline contact centre on Monday. The airline said it took "immediate steps and contained the system" and assured customers all of the airline's systems remained secure. An investigation into the cyber incident is ongoing, and additional security measures are also being put in place to "further restrict access and strengthen system monitoring and detection".

Sky News AU
a day ago
'These attacks are going to continue': Qantas cyber breach impacts six million
Okta Global Head of Threat Intelligence Brett Winterford has warned organisations that data breaches are 'going to continue' after Qantas was targeted in a major cyberattack last week. 'This is an adversary we track very closely, they are a group of young people globally distributed, but mostly in Western countries,' Mr Winterford told Sky News Australia. 'I think organisations need to assume these attacks are going to continue.'


Axios
5 days ago
Hackers abuse generative AI tool to create phishing sites in 30 seconds
In as little as 30 seconds, hackers are using a popular generative AI development tool to build phishing sites mimicking login pages, according to researchers at identity management company Okta.

Why it matters: At least one of the cloned phishing pages was a replica of Okta's own login portal. If successful, such a lure could have allowed attackers to harvest users' Okta credentials and gain access to sensitive corporate systems.

Driving the news: In a report first shared with Axios, Okta revealed that threat actors have been abusing Vercel's v0 to generate a fake Okta sign-in page. Brett Winterford, vice president of Okta Threat Intelligence, told Axios that this is the first time the company has seen cybercriminals use a generative AI tool to create the phishing infrastructure itself, not just the contents of a phishing email or other lure.

How it works: v0 allows users to create websites using only natural-language prompts. In a video shared with Axios, Okta researchers demonstrated how easily they could create a convincing phishing page simply by prompting v0 to "build a copy of the website

While investigating the incident, Okta also uncovered phishing sites hosted on Vercel's platform targeting users of cryptocurrency services and Microsoft 365.

Threat level: Winterford said Okta doesn't have any evidence yet that hackers successfully harvested credentials through these sites. But in the weeks that Okta spent investigating the one instance of a phishing site targeting one of its customers, researchers observed threat actors had used v0 to spin up new sites targeting other tech platforms.

Vercel has since removed access to the identified phishing sites and is collaborating with Okta to develop mechanisms for third-party reporting of abuse on the v0 platform. "Like any powerful tool, v0 can be misused," Ty Sbano, CISO at Vercel, told Axios in a statement. "This is an industry-wide challenge, and at Vercel, we're investing in systems and partnerships to catch abuse quickly and keep v0 focused on what it does best: helping people build powerful web apps."

The big picture: Security researchers have long warned that generative AI could accelerate low-sophistication cyberattacks like phishing. "We've got to stop adding to our defensive measures by increment and just tweaking around the edges," Winterford said. "The attackers are going to innovate faster than we can as defenders."

The intrigue: Okta also found cloned versions of the v0 tool circulating on GitHub, meaning hackers could continue generating phishing sites even if Vercel cracks down on abuse.

The bottom line: Okta says the only way to defend against these phishing attacks is to turn to passwordless technologies, noting that the old ways of spotting a phishing website don't apply anymore.