Qantas attack reveals one phone call is all it takes to crack cybersecurity’s weakest link: humans

All it can take is a phone call.

That’s what Qantas learned this week when the personal information of up to 6 million customers was stolen by cybercriminals after attackers targeted an offshore IT call centre, enabling them to access a third-party system.

It is the latest in a series of cyber-attacks on large companies in Australia involving the personal information of millions of Australians, after the attacks on Optus, Medibank and, most recently, Australia’s $4t superannuation sector.

The Qantas attack came just days after US authorities warned the airline sector had been targeted by a group known as Scattered Spider, using social engineering techniques, including impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication.

While companies may spend millions keeping their systems secure and software up-to-date to plug known vulnerabilities, hackers can turn to this form of attack to target, often, the weakest link – humans.

Social engineering is not new. It predates the internet, involving tricking someone into providing compromising information.

The most common way people would see social engineering in practice is through phishing attacks – emails that are designed to look official to lure unsuspecting people into providing their login and passwords.

The phone-call version of social engineering, known as vishing, can be more complicated for the attacker, requiring research into a company and its employees, and tactics to sound convincing over the phone to get the unwitting worker to let them in.

The arrival of easy-to-use artificial intelligence products, including voice cloning, will only make this easier for attackers.

The Office of the Australian Information Commissioner’s most recent data breaches report, covering the second half of 2024, noted a significant rise in reports of breaches caused by social engineering attacks, with government agencies reporting the most, followed by finance and health.

The Qantas breach – which compromised information including names, email addresses, phone numbers, dates of birth and frequent flyer numbers – in isolation might not lead to financial loss, but the growing number of data breaches in Australia means hackers are able to collate data collected across the breaches and potentially launch attacks on unsuspecting new targets.

In April, the nation’s superannuation funds became aware of the dangers of hackers collecting compromised login details from other breaches to gain access to super accounts, in what is termed credential stuffing.

The industry was fortunate only a handful of customers suffered losses, together approximately $500,000 – likely a combination of the funds locking down systems, and the high proportion of fund holders who have yet to reach the age where they can access their super.

The Albanese government, however, has been warned that the attack was a canary in the coalmine for the financial sector.

In advice to the incoming government in May – released this week under freedom of information laws – the Australian Prudential Regulation Authority (Apra) warned super assets were at risk.

“Cyber-attacks at large superannuation funds, that look likely to increase in scope and frequency, highlight that capability in the management of cyber and operational risks must improve,” Apra said.

“While the number of member accounts that had funds fraudulently withdrawn was small, the incident highlighted the need for this sector to uplift its cybersecurity and operational resilience maturity.

“This need will only grow as the sector increases in size, more members enter retirement and the sector takes on greater systemic significance with inter-linkages to the banking sector.”

Apra had warned the sector in 2023 of the importance of multi-factor authentication – something some of the funds had failed to implement before the April attack.

The regulator said there were also sustained cyber-attacks on banking and insurance businesses, and third-party providers that were “continuing to test resilience and defences as attackers develop new technologies and approaches”.

Healthcare, finance, technology and critical infrastructure, such as telecommunications, were most at risk from cyber threats, according to Craig Searle, global leader of cyber advisory at global cybersecurity firm Trustwave.

“The technology sector is uniquely exposed due to its central role in digital infrastructure and interconnected supply chains,” he said.

“An attack on a single tech provider can cascade to hundreds or thousands of downstream clients, as seen in recent high-profile supply chain breaches.

“Overall, the sectors most at risk are those with high-value data, complex supply chains, and critical service delivery.”

Searle said attackers like Scattered Spider deliberately targeted third-party systems and outsourced IT support, as seen in the Qantas breach, representing a risk for large companies.

“The interconnected nature of digital supply chains means a vulnerability or misconfiguration in a partner or contractor can trigger a domino effect, exposing sensitive data and operations far beyond the initial breach,” he said.

Christiaan Beek, senior director for threat analytics at cybersecurity firm Rapid7, said third-party systems had become an integral part of many organisations’ business operations and, as a result, were increasingly targeted by threat actors.

“It’s essential for organisations to apply the right levels of due diligence in assessing the security posture of such third-party systems to reduce the risk of their information being compromised.”

Searle said organisations needed to shift from reactive to proactive cybersecurity, apply software patches promptly and enforce strong access control such as multi-factor authentication.

Beek agreed organisations needed to be proactive, with executives held accountable for cybersecurity in their organisations, as well as board oversight.

“The novel tactics observed by modern-day cybercrime groups escape the typical confines of security management programmes,” he said.

“The no-limits approach of these criminals pushes us to rethink the typical boundary of defence, in particular surrounding social engineering and the ways in which we can be taken advantage of.”