Australian airline Qantas disclosed that it detected a cyberattack on Monday after menace actors gained entry to a third-party platform containing buyer knowledge.
Qantas is Australia’s largest airline, working home and worldwide flights throughout six continents and using round 24,000 folks.
In a press launch issued Monday evening, the airline states that the assault has been contained, however a “important” quantity of knowledge is believed to have been stolen. The breach started after a menace actor focused a Qantas name centre and gained entry to a third-party buyer servicing platform.
“On Monday, we detected uncommon exercise on a 3rd occasion platform utilized by a Qantas airline contact centre. We then took fast steps and contained the system. We are able to verify all Qantas programs stay safe,” Qantas said.
“There are 6 million clients which have service information on this platform. We’re persevering with to research the proportion of the information that has been stolen, although we count on it will likely be important. An preliminary assessment has confirmed the information contains some clients’ names, electronic mail addresses, cellphone numbers, beginning dates and frequent flyer numbers.”
Qantas says no bank card or private monetary info was uncovered, and frequent flyer account passwords, PINs, and login particulars weren’t impacted.
After detecting the breach, Qantas says it notified the Australian Cyber Safety Centre, the Workplace of the Australian Data Commissioner, and the Australian Federal Police. It is unclear if exterior cybersecurity specialists are aiding with the investigation.
Scattered Spider assaults goal aviation corporations
This assault comes as cybersecurity corporations warn that hackers often called “Scattered Spider” have begun focusing on the aviation and transportation industries.
Whereas it’s unclear if this group is behind the Qantas assault, BleepingComputer has discovered the incident shares similarities with different current assaults by the menace actors.
Scattered Spider (additionally tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a bunch of menace actors identified for his or her conducting social engineering and identity-based assaults in opposition to organizations worldwide, generally utilizing phishing, SIM swapping, MFA bombing, and assist desk cellphone calls to achieve entry to worker credentials.
In September 2023, they escalated their assaults by breaching MGM Resorts and encrypting over 100 VMware ESXi hypervisors utilizing BlackCat ransomware after gaining entry by impersonating an worker. They’ve additionally partnered with different ransomware operations, corresponding to RansomHub, Qilin, and DragonForce. Different organizations focused by Scattered Spider embrace Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Video games, and Reddit.
After just lately specializing in retail and insurance coverage firms, cybersecurity corporations warned on Friday that Scattered Spider had shifted its consideration to aviation, with current assaults on Hawaiian Airways and WestJet believed to be linked to the menace actors.
BleepingComputer has discovered that within the WestJet breach, menace actors exploited a self-service password reset to achieve entry to an worker’s account, which was then used to breach the community.
The menace actors have been using a sector-by-sector strategy to their assaults, and it’s unclear if they’re executed with the aviation sector and what business will probably be focused subsequent.
Organizations defending in opposition to the sort of menace ought to begin by gaining full visibility throughout your complete infrastructure, identification programs, and significant administration companies.
This contains securing self-service password reset platforms, assist desks, and third-party identification distributors, which have develop into widespread targets of those menace actors.
Each Google Menace Intelligence Group (GTIG) and Palo Alto Networks have launched guides on hardening defenses in opposition to the identified “Scattered Spider” techniques, which admins ought to familiarize themselves with.
Different current cyberattacks believed to be related to Scattered Spider embrace M&S, Co-op, Erie Insurance coverage, and Aflac.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key strategies utilized by cloud-fluent menace actors.
