Paul Abbate, former deputy director of the FBI, talks about the Scattered Spider, the importance of reporting, and how to train employees to spot social engineering attacks.
Many Australians were shocked earlier this month by the news that yet another big Australian brand, the national carrier Qantas, was the victim of a cyber attack.
They were possibly more shocked to learn how the hackers got into the network of one of Qantas’ call centres so easily – by using social engineering to trick their way in.
But the truth is, a confident social engineering attack can be hard to spot, and without proper training, anyone can fall for one. However, according to a former director of the FBI, that kind of training needs to be a top-down exercise.
“It is essential for companies across all industries, particularly those that collect and store personally identifiable information, to provide regular and consistent training and awareness to the workforce on cyber threats, what to look out for in terms of a potential attack, and methods to avoid falling victim to cyber attacks,” Paul Abbate told Cyber Daily.
“Engaged leadership and effective communication are necessary to establish and maintain a focused and disciplined cyber security culture within a given organisation. To reinforce all of the above, spearphishing tests should be conducted regularly to ensure vigilance and help identify weaknesses and vulnerabilities in the system.”
While Qantas no doubt continues to investigate the incident, no threat actor has yet come forward to claim the attack, nor has any data been released online, either on the clear or dark web. That said, the most likely culprit is a loosely knit hacking collective known as Scattered Spider.
“While there has been no official attribution, the mode of attack is highly consistent with tactics associated with Scattered Spider, to include the targeting of call centres, use of social engineering to gain unauthorised access, and a focus on certain sectors such as airlines,” Abbate said.
Having recently worked with Nagomi Security on a documentary on the challenges of being a CISO, Abbate said that the company’s CEO has the answer to why such attacks are successful.
“Attackers often succeed not just because of technical gaps, but because security teams lack clear visibility into what’s exposed and whether their defences are truly working,” Abbate said.
“Without that kind of control-aware insight, knowing which assets (including identity) are unprotected, which controls are misconfigured, and which exposures are exploitable, it’s nearly impossible to respond with the speed, focus, and confidence these attacks demand.”
Unfortunately, given the volume and nature of the data that airlines hold, much of which is personal, they make an attractive target for hackers looking to on-sell that data or use it to commit further crimes.
“Because of this, both the value and privacy of the information held and the risk of reputational damage and potential economic harm to the companies make them prime targets for ransomware and extortion,” Abbate said.
Given that many experts consider attacks against companies of any scale to be more or less inevitable – it’s a matter of if, not when, as they say – Abbate also emphasised the importance of timely reporting of such incidents, as well as training to stop or mitigate them.
“It is incredibly important for companies to report attacks early and in clear detail. The consequences of failing to do so can carry severe implications, potentially resulting in further damage and missed opportunities to prevent future harm,” Abbate said.
“Reporting as early as possible allows the private sector and government to collaborate and share information and intelligence, both real time and historic. Leveraging these partnerships aids in mitigating further harm flowing from the instant breach while also warning other potential victims through the dissemination of indicators of compromise and modes of attack.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.