Australia’s privacy watchdog warns ‘vishing’ on the rise as Qantas strengthens security after cyber-attack

Qantas has said it will beef up its security and threat detection after a cyber-attack affecting up to 6 million customers, as Australia’s privacy watchdog has warned attacks using social engineering to gain access to data are on the rise.

In an update to customers on Thursday, the airline said more security measures would be put in place after cybercriminals were able to gain access to a third-party system used by a Qantas airline contact centre to steal customers’ personal information. “We’re … putting additional security measures in place to further restrict access and strengthen system monitoring and detection,” the company said.

Qantas began emailing affected customers on Wednesday evening but had not indicated as of Thursday afternoon whether any compensation would be provided to those who had their personal information compromised.

Cybersecurity analysts indicated to Guardian Australia that, as of Thursday afternoon, the data had not yet been posted on forums or dark web locations that attackers commonly frequent.

The alleged culprit of the attack has yet to be identified, but the attack has similarities to those of a ransomware group known as Scattered Spider. The group has targeted airlines in the US in recent weeks by engaging in what are called social engineering attacks, or “vishing”. These attacks involve calling IT support at large companies, often impersonating employees or contractors to deceive IT help desks into granting access and bypassing multi-factor authentication.

An Office of the Australian Information Commissioner (OAIC) report on data breaches, released in May and covering the second half of last year, noted a rise in the number of social engineering attacks resulting in data breaches in Australia. The attacks made up 28% of all reported breaches resulting from malicious or criminal attacks.

The OAIC noted at the time that the “significant increase” was particularly pronounced within Australian government agencies, which reported 60 out of the 115 breaches of that kind – a 46% increase on the previous six months. Google’s threat intelligence report in recent months has also warned of multiple threat actors using these methods to get into companies’ systems.
