Up next in 10
A major data breach has compromised the personal information of over five million Qantas customers. Cyber security expert David Tuffley explains the potential risks and how the hackers are now targeting other major companies through their suppliers. #Qantas #DataBreach #CyberSecurity #ScatteredLapsus #DarkWeb
Show More Show Less View Video Transcript
0:00
Hackers have reportedly released the
0:02
personal data of more than 5 million
0:04
Quantis customers onto the dark web
0:07
after a ransom deadline passed yesterday
0:10
afternoon.
0:10
David Tuffley is a senior lecturer in
0:13
cyber security and applied ethics at
0:15
Griffith University and he joins us now
0:18
live. Uh David, morning to you. Um this
0:21
was a big hack, 40 companies worldwide.
0:23
What is it um that they have and has now
0:26
potentially been released onto the dark
0:28
web?
0:30
Yes, the the data that's been released
0:33
is what Quantis' call center in the
0:36
Philippines had. And this would be
0:39
things like frequent flyer number, uh
0:42
address, email, phone, the sorts of
0:45
things that uh they would have, but not
0:48
uh passport numbers or uh any credit
0:52
card details, anything like that. So
0:54
it's it's of the same magnitude as the
0:57
Optus breach was a few years ago, but it
1:00
doesn't it doesn't involve the same very
1:02
sensitive data.
1:04
What use is it to people who have shady
1:08
motives who who want to use it?
1:12
Yes. Well, that information can be used
1:15
to put together pretty convincing social
1:18
engineering attacks, which is a fancy
1:21
way really of saying getting unsolicited
1:24
phone calls that sound very convincing
1:27
that creates a sense of urgency for you
1:29
to do something uh which ends up giving
1:33
the cyber crooks uh access to accounts.
1:37
So, be on the lookout for that. monitor
1:40
uh your accounts closely uh and just be
1:44
very very careful about people uh
1:47
contacting you out of the blue, people
1:49
you don't know.
1:50
Uh David, what do you know about
1:52
scattered lapsus hunters?
1:55
They are a recent evolution uh in the
1:59
whole cyber crime area. It's actually a
2:02
group of uh individual hacker groups who
2:06
have now affiliated with each other for
2:09
the purpose of leveraging their
2:11
individual strengths. Say one of them is
2:15
particularly good at social engineering
2:18
attacks and they're the ones that do you
2:20
know the approach and they're very
2:22
convincing and they're using AI to
2:24
simulate voices and things like this. So
2:28
it's it's kind of like a super group
2:31
that uh has evolved and they've changed
2:35
their tactics a little bit. they are now
2:37
uh going after well Salesforce their
2:41
software is used in
2:44
you know 100 or more uh companies around
2:47
the world and if they can hack into
2:50
Salesforce they then have access to the
2:54
customer accounts of all of their
2:56
customers then that's people like Disney
2:59
and Toyota and McDonald's not just
3:02
Quantis and other airlines so it's a
3:05
very uh attract ractive target for uh
3:08
hackers like this. So instead of trying
3:10
to get in directly to Quantis, it's
3:13
easier for them and more efficient if
3:15
they come in via a supplier to to
3:19
Quantis.
3:20
Wow. Incredible. Um and what they want
3:22
is money. They demanded a ransom. It
3:24
wasn't paid. What is the current status
3:27
of companies who uh have these ransom
3:30
demands? Are they generally not paid
3:31
these days?
3:33
Yeah, the it's absolutely uh the case
3:37
that paying ransoms is very much dis uh
3:41
discouraged. It it just uh supports a
3:44
criminal uh business model and uh really
3:48
there's no guarantee that you're going
3:49
to get your data back. Um because why,
3:53
you know, why pay why get paid once when
3:56
you can be paid many times? the data
3:59
still goes up for sale on the dark web.
4:02
And in this instance, the deadline
4:04
passed and uh as they promised, they did
4:08
put up the data on the dark dark web.
4:12
And so it is now out there uh for any
4:15
other, you know, nu wells to um to make
4:18
use of.
#Business News
#Technology News