Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Darktrace CISO says breach shows “many hallmarks of the Scattered Spider ransomware group”.
Hours after Australia’s national carrier, Qantas, confirmed that it had been the victim of a cyber attack, experts are already saying the culprit is very likely the hacking collective known as Scattered Spider.
“Initial reports on Qantas’ cyber breach show many hallmarks of the Scattered Spider ransomware group, which claimed responsibility for attacks against America’s Hawaiian Airlines and Canada’s Westjet last week, and the crippling attack against Marks & Spencer in the UK in April,” Tony Jarvis, field chief information security officer and vice president APJ at Darktrace, told Cyber Daily.
“Scattered Spider are thought to be native English speakers who don’t just exploit technical vulnerabilities but manipulate people, especially IT help desks, through phishing, multi-factor authentication (MFA) bombing, and SIM swapping to gain access.”
Qantas said in a 2 July statement that it had detected “unusual activity” on a third-party customer service platform on Monday (30 June). The platform holds the details of 6 million Qantas customers, and while the airline is working to find out how many customers are impacted, it’s already aware that some personal details have been compromised.
“The unfortunate thing is that this sort of third-party attack is not unique. It is just one more example of why cyber security is a fundamental business priority across the entire supply chain – especially when defending against highly targeted tactics that bypass traditional security measures,” Jarvis said.
“How significant the impact will be to Qantas’ operations – across both digital and physical channels – and the damage to its brand and reputation remains to be seen.”
Given the FBI’s recent warning of Scattered Spider activity targeting airlines, Elliot Dellys, CEO of Australian cyber security firm Phronesis Security, said it would not be surprising if the collective was behind the Qantas data breach.
“Scattered Spider (also known as UNC3944) is a fascinating threat actor of growing concern. Rather than being composed of a centralised command and control structure like Russian ransomware groups, it is believed to be composed of a disparate group of young hackers living in the United States and United Kingdom,” Dellys said.
“While Qantas [has] made a public statement that login information, credit card details, personal financial information and passport details have not been disclosed, there remains a significant risk of ongoing targeted phishing attacks and identity fraud for users that may have personal information exposed.
“If this incident is the result of a third-party compromise, it adds to an increasing list of major Australian organisations that have done their utmost to secure data, just to have it exposed via a third party.
“It is also a timely reminder for organisations that effective cyber security is about far more than just having the latest tech. Breaches are frequently the result of inadequate third-party risk management, human error, or well-intended people doing the wrong thing.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
