Optus data breach: Telco attack a turning point for phishing campaigns

As the complexity and frequency of cyber threats increase exponentially, it is extremely sad to see Australia under attack from cybercriminals who are finding success in exploiting vulnerabilities to gain unauthorised access to businesses and critical infrastructure.

What does the breach mean for the threat landscape?

Telcos like Optus carry large amounts of data about their clients like call patterns, incoming/outgoing phone numbers, internet usage and other forms of personal data that can be easily exploited. The data exposed can now be maliciously used to create fake identities or as a launchpad to further target users individually through spear-phishing campaigns.

These campaigns will be even more effective as cyber criminals have access to more data than just an email address. While having technical defences is a step forward in terms of cybersecurity maturity, I cannot emphasise enough the importance of training and educating business users as people are always the weakest link when it comes to cybersecurity.

How can Optus clients stay safe following the attack?

Third party risk is another area that requires close attention as larger organisations are often infiltrated through their partnerships with external suppliers. The findings of the Australian Cyber Security Centre’s investigation into Optus’s data breach will reveal the true nature of the attack – whether it was the work of cybercriminals or a state-sponsored attack.

Optus users need to be vigilant of emails offering support due to this breach, even if the email appears to be from a legitimate source. They need to do due diligence when it comes to cyber hygiene and avoid clicking on links in emails unless their legitimacy has been validated.

Ajay Unni is the founder of StickmanCyber, a business that helps companies mitigate their cyber-security risks. Ajay named the company after the countless stick figures he used in flow charts, throughout his years in the software and cyber-security industry. Ajay Unni has over 30+ years’ IT industry experience, with over 15 years as a cyber-security specialist.