Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data of six million customers.
“A possible cyber criminal has made contact, and we’re currently working to validate this,” Qantas shared in an updated statement.
“As it is a legal matter, we’ve engaged the Australian Federal Police and will not be commenting any further on the details of the contact.”
Qantas disclosed the attack on July 1st, stating it detected unusual activity in a third-party system used by one of its contact centres the day before. The breach exposed customer names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
However, Qantas says that no credit card or financial information, passport details, passwords, PINs, or login credentials were exposed in the breach.
Qantas is warning customers to be on the lookout for scams and phishing emails that may attempt to use the stolen data to steal further sensitive information. All legitimate emails from Qantas will be from the qantas.com domain.
Qantas also said it will never ask customers for passwords, ticket confirmation codes, or other sensitive information by phone, text, or email.
The Qantas breach is part of attacks targeting the aviation sector by threat actors linked to Scattered Spider. These threat actors are skilled at social engineering attacks used to gain initial access to corporate networks, commonly by tricking help desks and support vendors into resetting employees’ passwords and MFA.
The threat actors behind these attacks first targeted the retail sector in April, with breaches at Marks & Spencer (M&S) and Co-op.
For M&S, the group gained access by impersonating an employee and convincing a service desk vendor to reset passwords and multi-factor authentication (MFA) protections.
The group later shifted its focus to insurance companies and, more recently, the aviation and transportation industries, with attacks on WestJet and Hawaiian Airlines linked to the threat actors.
Qantas says it is working with cybersecurity experts and the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police to investigate the attack.
BleepingComputer contacted Qantas with further questions regarding the extortion and will update this article if we hear back.