Yazılar

Airport chaos underscores growing trend of high-profile ransomware attacks

/in /tarafından

A weekend ransomware attack that crippled airport check-in systems across Europe has drawn attention to a new trend in cybercrime: hackers are increasingly targeting high-profile companies and infrastructure for both larger payouts and reputational clout, cybersecurity experts said.

The European Union’s cybersecurity agency ENISA confirmed on Monday that the attack on Collins Aerospace, a unit of RTX, was ransomware-based. The hack disrupted check-in and baggage systems since Friday, grounding flights and stranding thousands of passengers. The attackers’ identity remains unknown, with no ransomware group yet claiming responsibility on dark web leak sites.

Rafe Pilling, Director of Threat Intelligence at Sophos, noted that while most ransomware attacks remain financially motivated, a subset of operations is now engineered for maximum disruption: “They are becoming more visible and more ambitious.”

The strategy is not new but appears to be escalating. In April, the group Scattered Spider was linked to an attack on retailer Marks & Spencer that halted online orders for weeks. Britain’s National Crime Agency also charged two teenagers last week over a 2024 attack on Transport for London, tied to the same group. The FBI estimates Scattered Spider has been involved in around 120 network intrusions and netted $115 million in ransom payments.

Experts warn the trend poses greater systemic risks. Martyn Thomas, Emeritus Professor of IT at Gresham College, said software vulnerabilities and weak security practices continue to fuel the crisis: “If criminals were to decide to cause serious injury or many deaths, the same attack strategies could be used on critical systems in healthcare or major infrastructure.”

Another driver, analysts say, is reputation within cybercriminal networks. Pulling off high-impact breaches boosts a hacker’s credibility and standing among peers, creating a cycle of increasingly bold attacks.

The incident highlights the growing urgency for stronger software security and corporate defenses as ransomware groups become more emboldened, aiming not only for profit but also prestige.

Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts

/in /tarafından

Australian airline Qantas revealed on Wednesday that a cyber hacker accessed a third-party customer service platform used by one of its call centres, compromising the personal data of approximately six million customers. The breach exposed names, email addresses, phone numbers, birth dates, and frequent flyer numbers, marking Australia’s most significant cyberattack in recent years.

Qantas has not disclosed the call centre’s location or the precise number of affected customers but confirmed the breach was discovered after detecting unusual activity. The airline is still investigating the full scope of the stolen data but expects it to be substantial. Importantly, Qantas stated that frequent flyer accounts, passwords, PINs, or login credentials were not accessed, and operations and safety were not impacted.

The incident occurs amid heightened cyber threats targeting airlines worldwide. The FBI recently reported that the hacker group Scattered Spider has targeted airlines such as Hawaiian Airlines and WestJet. While Qantas did not identify the attacker, cybersecurity experts warn that social engineering attacks on airline staff may be involved.

This breach brings unwelcome scrutiny to Qantas, which is recovering from a reputational crisis caused by controversies during the COVID-19 pandemic, including illegal staff layoffs and ticketing issues. Qantas CEO Vanessa Hudson acknowledged the seriousness of the breach and assured customers of the airline’s commitment to protecting personal information. Authorities including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police have been notified.

Qantas shares fell 2.4% in afternoon trading, while the overall market rose.

Aflac Investigates Potential Data Breach Following Cyberattack

/in /tarafından

Aflac, a health and life insurer, announced on Friday that it is investigating a cyberattack on its U.S. network that may have exposed customers’ personal data. The breach was detected on June 12 and is believed to have been conducted by the cybercrime group Scattered Spider, known for targeting multiple companies in the same industry through coordinated waves of attacks.

Scattered Spider, active since May 2022, is notorious for using identity-based tactics such as scamming help desks to reset credentials and bypass multi-factor authentication. This group has been linked to recent service disruptions at Philadelphia Insurance Companies and Erie Indemnity.

Aflac’s investigation is still in the early stages, and the insurer has not disclosed the number of affected customers or the timeline for completing the review. The company handles personal, medical, and financial data of over 50 million policyholders in the U.S. and Japan, including accident and pet insurance customers.

The attack potentially exposed sensitive information, including social security numbers and health details. Aflac reported that it stopped the intrusion within hours and has engaged third-party cybersecurity experts to assist with the investigation. Despite the breach, Aflac stated that it continues to operate normally while addressing the incident.

This attack follows a wave of cyber threats in the healthcare and insurance sectors, including a major breach last year of UnitedHealth’s Change unit by the hacking group ALPHV, also known as BlackCat.