Qantas Cyber Attack: What You Need to Know
Jul 4, 2025
We delve into the Qantas cyberattack, attributed to Scattered Spider. This video covers the breach's impact, the potential ransom, and why airlines are prime targets. Our analysis includes the government's stance on third-party involvement and the complexity of modern cybersecurity. We discuss the risks customers now face and Qantas's response. #Qantas #Cybersecurity #CyberAttack #ScatteredSpider #Ransomware #DataBreach #Airlines #TechNews #CybersecurityNews #DataSecurity
0:00
This is a pretty significant story.
0:02
Anyone who, you know, flies with Qantas
0:04
is a bit nervous. And the identity of
0:07
the attacker is not yet known, but it is
0:09
believed to be this so-called Scattered
0:12
Spider ransomware group. Uh, what have
0:15
they been responsible for? Ah, they're
0:18
prolific actually, PK. Um, they've been
0:21
active for about three years now. Uh,
0:25
since May 2022, they've been tracked.
0:28
They've kind of moved systematically
0:30
through a whole range of sectors. Um,
0:33
airlines are just their latest target.
0:36
They've target, they started out, I
0:38
think their biggest first exploits were
0:40
against casinos. Um, so Caesars
0:43
Entertainment, um, MGM. Um, they've
0:46
moved on to financial services
0:48
companies. Uh, more recently people
0:50
might have heard about the hacks on Marks
0:53
and Spencer in the UK. So, retailers
0:56
there. Um so yeah, they they really are
0:58
moving moving through at a pace and we
1:01
knew that they were coming to airlines
1:03
because well they've they've done this
1:05
um they've hit two US airlines recently
1:09
and uh the FBI even issued a a warning.
1:13
They tweeted um if we're still calling
1:15
it tweets like anyway they exed yeah
1:18
whatever they hit anyway the FBI issued
1:21
a warning on the 28th of June um saying
1:24
hey they're coming after airlines and
1:26
even spelled out the playbook that
1:29
they're using um to get inside
1:31
businesses to get access to customers
1:33
data um as it seems like they may have
1:36
done in the case of Qantas here and you
1:39
know what we know about that breach so
1:41
far that the Qantas breach
1:43
It follows that playbook to a T. Yeah,
1:47
James, the I spoke to the minister
1:49
earlier, asked him if ransomware
1:51
ransom if a ransom should be paid
1:53
rather. He said that's not what the
1:55
government uh advises to companies. I
1:58
also talked to him about the third a
2:00
third party platform was involved here
2:02
and he said he advises that they don't
2:05
use third parties. Uh but they do,
2:08
right? like that's not going to change
2:10
and clearly their their cyber security
2:12
isn't up to the same scratch, right?
2:14
Yeah. I mean this is the complexity of
2:16
sort of the modern cyber security
2:17
environment and something that cyber
2:19
security experts and governments and
2:21
companies are sort of wrestling with.
2:23
You know the reason that Scattered
2:25
Spider has targeted airlines is that
2:28
they are incredibly data rich. Obviously
2:31
uh airlines collect a huge amount of
2:32
data about customers from their simple
2:34
stuff like their names and their birth
2:36
dates and their emails uh through to
2:38
things like passport numbers, credit
2:39
card numbers, etc. But also uh airlines
2:42
are quite vulnerable in the sense that
2:44
they tend to be pretty complex operating
2:47
environments. They use a lot of third
2:49
party not just software but external
2:51
contractors. Um I it's slightly naive to
2:54
say that you're going to be able to stop
2:55
airlines from doing that. They outsource
2:57
all sorts of different things from
2:59
baggage handling um to their data
3:01
management through to customer service.
3:04
And this is how these uh these hacker
3:06
groups essentially uh tackle these
3:08
businesses. A lot of people think that
3:10
you know with hackers it's about sitting
3:12
in front of uh a computer screen with
3:14
glowing green text scrolling like in the
3:16
Matrix and you're hacking into software.
3:18
It's usually uh social engineering. they
3:21
will call a stressed and harried uh
3:24
internal customer service
3:25
representative, misrepresent who they
3:27
are, and get access to a database. And
3:29
when you're doing that, not just to
3:31
Qantas staff, but to an external uh
3:34
contractor who Qantas may not even know
3:37
or be totally across the fact of the
3:39
amount of data that this external uh
3:41
contractor has access to. You're dealing
3:43
with an incredibly complex operating
3:45
environment. And that's why we've seen
3:47
these repeated hacks, not just Qantas,
3:49
but obviously we had Medibank, we had
3:51
Optus. Um, this is like an ongoing
3:53
issue. And I think it's a little bit
3:54
harder than just saying uh these
3:56
businesses shouldn't use uh third party
3:59
services or contractors. Yeah, clearly
4:01
the the government is uh working pretty
4:04
closely with Qantas on this. That's
4:06
certainly what Tony Burke said. An uh
4:09
how do you I mean we're in early days.
4:11
It just was only announced today. But
4:13
what's your assessment of the way that
4:15
Qantas is handling this cyber attack
4:18
and the way it's communicating about it?
4:20
Well, you know, as embarrassing and
4:22
difficult as it is for a company to come
4:24
forward and and you know, take this kind
4:26
of reputational hit, it's also the best
4:28
thing they can do to protect their
4:30
customers because the customers who may
4:33
have been exposed here and we don't know
4:35
the exact number, but 6 million is the
4:37
is the possible ceiling. So, it's a lot.
4:40
Um those people need to know to be on
4:43
the lookout because they are more likely
4:46
to be targeted now if their data has
4:49
been bre you know exfiltrated stolen um
4:54
and and distributed more widely. They're
4:56
more vulnerable to scams now. That's the
4:59
bottom line. Um and they should know
5:01
that and it's it's right that Qantas
5:03
has come forward and and and spoken
5:06
about it. Um you know I think what's
5:08
happening in the background um what's
5:10
likely to happen in the background what
5:12
what we know is that when data this much
5:15
data is stolen um the most efficient or
5:20
or the the the most money you can make
5:22
out of it if you're a hacker group is to
5:24
demand a ransom. Now Qantas is saying
5:27
as of this afternoon that they haven't
5:29
had any contact from uh the threat actor
5:32
any the threat actor so far demanding
5:34
such a ransom. Um but you know it is
5:37
likely um based on just ba based on how
5:40
these things tend to play out, how we've
5:42
seen them play out before that a ransom
5:45
um could well be asked for. Uh and yeah,
5:48
and then what happens next will happen
5:50
behind closed doors. Well, thank you to
5:52
both of you. What a what a day for uh
5:54
tech journalists like yourselves. Thanks
5:56
so much. Thank you. Thanks, PK.