All it can take is a phone call. That’s what Qantas learned this week when the personal information of up to 6 million customers was stolen by cybercriminals after attackers targeted an offshore IT call centre, enabling them to access a third-party system.
It is the latest in a series of cyber-attacks on large companies in Australia involving the personal information of millions of Australians, after the attacks on Optus, Medibank and, most recently, the $4T superannuation sector.
The Qantas attack came just days after US authorities warned the airline sector had been targeted by a group known as Scattered Spider, using social engineering techniques, including impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication.
New technology brings old methods
While companies may spend millions keeping their systems secure and software up to date to plug known vulnerabilities, hackers can turn to this form of attack to target, often, humans.
Social engineering is not new. It predates the internet, and involves tricking someone into providing compromising information.
The most common way people would see social engineering in practice is through phishing attacks – emails that are designed to look official to lure unsuspecting people into providing their logins and passwords.
The phone-call version of social engineering, known as vishing, can be more complicated for the attacker, requiring research into a company and its employees, and the need to sound convincing over the phone to get an unwitting worker to let them in.
The arrival of easy-to-use artificial intelligence products, including voice cloning, will only make this easier for attackers.
The Office of the Australian Information Commissioner’s most recent data breaches report, covering the second half of 2024, noted a significant rise in reports of breaches caused by social engineering, with government agencies reporting the most, followed by finance and health.
The Qantas breach – that compromised information including names, email addresses, phone numbers, dates of birth and frequent flyer numbers – in isolation might not lead to financial loss, but the growing number of data breaches in Australia means hackers are able to collect data across the breaches and potentially launch attacks on unsuspecting new targets.
Data breaches causing more data breaches
In April, the nation’s superannuation funds became aware of the dangers of hackers collecting compromised login details from other breaches to gain access to super accounts, in what is termed credential stuffing.
The industry was fortunate only a handful of customers suffered losses, together approximately $500,000 – likely a combination of the funds locking down systems, and the high proportion of fund members who have yet to reach the age where they can access their super.
The Albanese government, however, has been warned that the attack was a canary in the coalmine for the financial sector. In advice to the incoming government in May – released this week under freedom of information laws – the Australian Prudential Regulation Authority (Apra) warned super assets were at risk.
“Cyber-attacks at large superannuation funds, that look likely to increase in scope and frequency, highlight that capability in the management of cyber and operational risks must improve,”
“While the number of member accounts that had funds fraudulently withdrawn was small, the incident highlighted the need for this sector to uplift its cyber culture and operational resilience maturity.
“This need will only grow as the sector increases in size, more members enter retirement and the sector takes on greater systemic significance with inter-linkages to the banking sector.”
Apra had warned the sector in 2023 of the importance of multi-factor authentication – something some of the funds had failed to implement before the April attack.
The regulator said there were also sustained cyber-attacks on banking and insurance businesses, and third-party providers, that were “continuing to test resilience and defence as attackers develop new technology and approaches”.
Who is most at risk?
Healthcare, finance, technology and critical infrastructure, such as telecommunications, were most at risk from cyber threats, according to Craig Searle, global leader of cyber advisory at global cybersecurity firm Trustwave.
“The technology sector is uniquely exposed due to its central role in digital infrastructure and interconnected supply chains,” he said. “An attack on a single tech provider can cascade to hundreds or thousands of downstream clients, as seen in recent high-profile supply chain breaches.
“Overall, the sectors most at risk are those with high-value data, complex supply chains, and critical service delivery.”
Searle said attackers like Scattered Spider deliberately targeted third-party systems and outsourced IT support, as seen in the Qantas breach, representing a rain for larger.
“The interconnected nature of digital supply chains means a vulnerability or misconfiguration in a partner or contractor can trigger a domino effect, exposing sensitive data and opening the initial breach,” he said.
Christiaan Beek, senior director for threat analytics at cybersecurity firm Rapid7, said third-party systems had become an integral part of many organisations’ business operations and, as a result, were increasingly targeted by threat actors.
“It’s essential for organisations to apply the right levels of due diligence in assessing the security posture of such posture of
Searle said organisations needed to shift from reactive to proactive cybersecurity, apply software patches promptly and enforce strong access controls such as multi-factor authentication.
Beek agreed organisations needed to be proactive, with executives held accountable for cybersecurity in their organisations, as well as board oversight.
“The novel tactics observed by modern-day cybercrime groups, the typical confines of security management programs,” he said. “The no-limits approach of these criminals pushes us to rethink the typical boundary of defence, in particular surrounding social engineering and the ways in which we can be taken advantage of.”