Latest news with #CyberCX

Qantas hit by cyber attack, 6 million customer records at risk of data breach

RNZ News

02-07-2025

By Michael Janda and Kirsten Aiken, ABC

A photo taken on August 20, 2023 shows the wing-tip of a Qantas Airbus A330 descending to land at Sydney's Kingsford Smith Airport. Photo: WILLIAM WEST/AFP

Qantas is warning a "significant" amount of customer data has likely been stolen from its records during a cyber attack.

The airline has released a statement saying that, on Monday, it detected unusual activity on a third-party platform used by a Qantas airline contact centre. The airline said 6 million customers had service records in this platform.

Qantas said it was investigating the proportion of the data that had been stolen, though it expected it would be "significant". An initial review confirmed the data included some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers, the airline said.

"Importantly, credit card details, personal financial information and passport details are not held in this system," the statement read. "No frequent flyer accounts were compromised nor have passwords, PIN numbers or log in details been accessed."

Qantas said the system had been quarantined and affected customers would be notified.

Leading cybersecurity firm CyberCX has been working with Qantas over the past 24 hours to address the incident. A spokesperson for CyberCX has told ABC News the incident has all the hallmarks of an attack from the so-called Scattered Spider hacker group, which is targeting individual business sectors one by one. Most recently it has been known for attacks on the financial and insurance sectors.

The CyberCX spokesperson said there were warnings from US authorities over the weekend that Scattered Spider intended to target the aviation sector.

- ABC

Fake CAPTCHA scam targets 2,353 WordPress sites, warns CyberCX

Techday NZ

03-06-2025

CyberCX has issued a warning to Australians regarding a phishing campaign targeting WordPress websites through the use of fake CAPTCHA prompts. The campaign, referred to as DarkEngine, involves threat actors embedding fraudulent CAPTCHA prompts into legitimate WordPress sites, putting website users at risk of various types of malware, including information stealers and remote access tools.

According to CyberCX, at least 2,353 unique websites have been identified as likely compromised by this campaign, with 82 of these belonging to organisations in Australia and New Zealand. Within Australia, the affected websites are predominantly small to medium-sized businesses, spanning a range of sectors from strip clubs to educational platforms for children.

The DarkEngine campaign employs a multi-layered approach. Initially, the perpetrator creates convincing replicas of WP Engine, a management tool widely used by businesses to oversee their WordPress websites. By leveraging a technique known as search engine optimisation (SEO) poisoning, the threat actor is able to position fake WP Engine links above legitimate ones in Google search results. As a result, genuine WP Engine login credentials from website administrators can be harvested and subsequently used to take control of the affected websites to inject fake CAPTCHA prompts.

The campaign's intention is to reach the vast number of visitors to these compromised websites, exposing them to the risk of malware infection through socially engineered prompts.

Katherine Mansted, Executive Director of CyberCX Intelligence, commented on the sophistication of the campaign: "This threat actor is a savvy, highly capable and well-resourced financially-motivated criminal. They are operating a scaled operation here, gaining access to thousands of real websites and infecting them with malware that hits unsuspecting internet users.

"Fake CAPTCHA is an increasingly common technique criminals use to infect Australians' computers with malware. They look similar to real CAPTCHAs – a way to test whether a website visitor is a real person or a bot – but prompt the unsuspecting user to run malicious commands, potentially allowing criminals to gain remote access to their computers.

"Never follow a CAPTCHA command that requires you to copy and paste text and be vigilant for any unexpected downloads after completing a CAPTCHA. Along with unusual URLs, pop-ups and poorly designed CAPTCHA formats, these are the tell-tale signs of a fake CAPTCHA."

The fraudulent CAPTCHA prompts associated with DarkEngine are described as a variation of ClickFix, a social engineering tactic aimed at manipulating users into executing malicious instructions. These techniques have connections to activities used by recognised financially motivated cyber crime groups.

CyberCX Intelligence has stated that it has been reaching out to organisations whose websites have been affected as part of an effort to improve the security of digital communities. The organisation has provided several recommendations for website administrators and organisations.

WP Engine administrators are advised to audit account activity logs for unexpected logins, particularly those originating from unfamiliar proxy services and VPNs. WordPress site administrators should check for any signs of unexpected plugins, content injections within theme files, and successful requests containing keywords such as "emergency_login", "check_plugin", and "urlchange".

Additionally, CyberCX stresses the importance of educating staff about ClickFix techniques, such as fake CAPTCHA, and the risks posed by SEO manipulation potentially leading them to engage with malicious sites. Organisations are also encouraged to consider providing reputable password managers to staff, which can help alert users if the site they are visiting is not legitimate.

Australia news LIVE: ‘Part-time parliament' to sit for fewest days in 20 years; Accused triple murderer Erin Patterson returns to witness stand

The Age

02-06-2025

6.58am

Tourists run for cover as Italy's Mount Etna erupts in fiery show of smoke and ash

Milan: Sicily's Mount Etna has put on a fiery show, sending a cloud of smoke and ash several kilometres into the air, but officials said the activity posed no danger to the population.

The level of alert due to the volcanic activity was raised at the Catania airport, but no immediate interruptions have been reported. An official update on Monday (Tuesday AEST) declared the ash cloud emission had ended by the afternoon.

Italy's INGV National Institute of Geophysics and Volcanology said the spectacle on Europe's most active volcano was caused when part of the south-east crater collapsed, resulting in hot lava flows. It was the 14th eruptive phase in recent months.

The area of danger was confined to the summit of Etna, which was closed to tourists as a precaution, according to Stefano Branca, an INGV official in Catania. Sicily's president, Renato Schifani, said lava flows emitted in the eruption had not passed the natural containment area, 'and posed no danger to the population'.

6.51am

Strip clubs to education hubs hacked in password grab

By Jennifer Dudley-Nicholson

More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, 'highly orchestrated phishing campaign', a security firm warns.

Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs.

Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs.

The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure.

In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada.

The online criminals targeted hundreds of websites using 'search engine optimisation poisoning' to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors.

The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal.

'They're quite omnivorous - there are sex shops through to kids' education websites,' she said. 'What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime.'

Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts.

'What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem,' Ms Mansted said. 'I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of.'

Individuals who might have had their details stolen in the DarkEngine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt.

Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.

AAP

Australia news LIVE: ‘Part-time parliament' to sit for fewest days in 20 years; Accused triple murderer Erin Patterson returns to witness stand

Sydney Morning Herald

02-06-2025

Strip clubs to education hubs hacked in password grab

The Advertiser

02-06-2025

More than 2300 business websites, including dozens in Australia, have been compromised and used to steal consumers' information as part of a year-long, "highly orchestrated phishing campaign", a security firm warns.

Almost 80 small and medium-sized Australian businesses have been hacked in the operation, with the websites targeted ranging from a children's education provider to three Queensland strip clubs.

Australian online security firm CyberCX revealed details of the attack on Tuesday after alerting compromised businesses, and warned consumers to take care when following website instructions, including completing CAPTCHAs.

The details come weeks after several superannuation firms were targeted in a co-ordinated online attack and less than a year after 12.9 million Australians had private information stolen from health provider MediSecure.

In a paper called DarkEngine detailing the campaign, CyberCX said it discovered a group had compromised at least 2353 websites since June 2024, including 79 from Australia, 50 from the United Kingdom, and 34 from Canada.

The online criminals targeted hundreds of websites using "search engine optimisation poisoning" to publish hacked versions of a commonly used website management tool, the report said. This allowed them to install malicious code on the websites, including fake CAPTCHA features ordinarily used as a security measure to identify website visitors.

The effort and resources put into the phishing campaign suggested the criminals behind it were highly motivated, CyberCX intelligence and public policy director Katherine Mansted said, and would sell whatever credentials they could steal.

"They're quite omnivorous - there are sex shops through to kids' education websites," she said. "What their objective is here is to compromise as many ordinary citizens' computers as possible for the purposes of financially motivated crime."

Stolen credentials such as personal information, logins and passwords had become the leading cause of online attacks, Ms Mansted said, taking over from email phishing attempts.

"What we're seeing is an ongoing professionalisation and industrialisation of the cybercrime ecosystem," Ms Mansted told AAP. "I'd love to say that by outing this particular campaign the harm is stopped but it's not, as this is just an example of what we're seeing more and more of."

Individuals who might have had their details stolen in the DarkEngine campaign should change their passwords, employ a password manager, and use multi-factor authentication on accounts when possible. Website visitors should also carefully scrutinise CAPTCHA features that look unprofessional, appear in a pop-up window, or ask users to copy code into a computer's command prompt.

Stolen passwords were also used to break into 10 AustralianSuper accounts in April in a theft that cost $750,000, National Cyber Security Co-ordinator Lieutenant General Michelle McGuinness confirmed in May.
