websights

The Qantas cyber-attack: when third-party risk becomes a frontline threat

by

The Qantas cyber-attack: when third-party risk becomes a frontline threat

The recent cyberattack on Qantas Airlines is more than a headline – it’s a clear warning that supply chain attacks are real, dangerous, and increasingly common. By targeting a third-party vendor, attackers bypassed direct defenses. This is a wake-up call: your security is only as strong as your weakest SaaS connections.

On Monday, June 30th 2025, Qantas detected unusual activity in a 3rd party system and shut it down. It later confirmed that a cyber incident had occurred in one of its contact centres, and that the cyber-criminal behind the attack gained access to a third-party system that held customer information. According to the airline, the incident exposed sensitive customer data, but there’s no impact to Qantas’ operations or the safety of the airline. 

This cyber-attack is a stark reminder of how supply chain vulnerabilities can become direct threats. It is estimated that personal data of up to 6 million customers may have been exposed, not through a breach of Qantas itself, but via a trusted vendor. This is the nature of modern cyber threats: indirect, unpredictable, and increasingly difficult to detect until it’s too late.

Supply chain security can no longer be an afterthought

Supply chain attacks are on the rise, and for good reason. Enterprises today are deeply interconnected, relying on a complex web of vendors, partners, SaaS providers, and cloud tools to run their businesses. Each external service introduces another point of vulnerability, and most organizations lack visibility into how these dependencies are secured, monitored, or updated.

Recent incidents, like the Qantas Airlines breach via a third-party call center, highlight how fragile the modern enterprise perimeter has become. Attackers no longer need to target core infrastructure; they go after the forgotten, misconfigured, or unknown systems at the edge of the supply chain.

Shadow SaaS, shadow AI, and the new security blind spot

As organizations embrace SaaS and AI to move faster, they’re also opening the door to a new breed of risk. Shadow AI and SaaS are tools and platforms adopted by the workforce without IT oversight. They are unvetted, unmanaged, and often invisible to security. What once lived inside the data center is now spread across thousands of apps, APIs, and AI services, many of which are connected to sensitive data and critical business processes.

The rise of shadow SaaS and AI compounds this risk. Shadow SaaS and AI can be connected to your corporate identity systems, financial systems, or data stores in seconds, often without any security controls in place. AI tools, in particular, can leak sensitive prompts, code, or customer information if misused.

Protecting your business from the next supply chain breach

The recent surge in supply chain breaches shows that it’s no longer enough to protect your own in-house system and infrastructure. To stay secure, you must understand and defend your third-party attack surface.

The first step in defending your third-party attack surface is Discovery

You need to know which third-party SaaS apps and services your organization is actually using, including shadow IT and AI-powered tools adopted without IT oversight. This means building a real-time, dynamic inventory of apps connected to your environment, who’s using them, and what data they touch.

Wing Security automatically discovers all the shadow Saas and AI apps connected to your organization. Wing owns the largest SaaS catalog covering over 350k SaaS apps and provides valuable insights into these apps, giving you the context you need to understand their use. This includes:

  • App description
  • The vendor
  • HQ geo location
  • Size
  • Certificates
  • threat intelligence history 
  • Does it use AI? Is there potential for leaking sensitive data?, and does the AI train on your data?

Wing can trigger a workflow for new SaaS apps that are being connected to your organization to help you better control this attack surface. But even more importantly, Wing can alert you when a connected SaaS app is breached, so you can decide how to contain a possible supply chain attack.

Next, assess your SaaS Risk Posture

Many SaaS and AI applications introduce unseen risks, and when they are connected to your environment, they become part of your attack surface, whether or not officially sanctioned. That’s why assessing your SaaS risk posture is essential.

First, you need to determine whether these apps are securely configured and whether there are any known issues. Misconfigurations, like sharing permissions, weak authentication, or lack of MFA, are among the most common causes of data exposure. Identifying vulnerabilities and misconfigurations across these SaaS and AI apps, and closing them quickly, is critical to preventing breaches.

Finally, implement continuous monitoring for SaaS Threat Detection and Response (TDR):

Wing’s SaaS TDR includes monitoring, detecting, investigating, and responding to security and SaaS identity threats that originate within or target your SaaS environment. This includes platforms like Microsoft 365, Google Workspace, IdPs, Salesforce, GitHub, Slack, and hundreds of others.

To provide effective SaaS TDR, Wing has deep integrations into SaaS platforms used for collecting rich, contextual telemetry, including user behavior, access patterns, and administrative actions. It also provides automated response capabilities like suspending the user, revoking tokens, or alerting security teams in real time (direct or via SOAR integration).

Supply chain attacks are inevitable. Stay ahead of the threat.

Security isn’t a one-time audit. It’s a living process that requires real-time visibility into how these third-party tools behave, so you can detect anomalies before they become breaches.

The next supply chain attack is already in motion somewhere. Make sure your business isn’t in its path. 

To Learn More, contact us at https://wing.security/request-a-demo/