01 Dec Business Email Compromise
AFP cyber crime unit, ReportCyber has tallied over 2000 reports since June this year of cyber attacks on Australian businesses. No one is pointing fingers but some reporters believe that most digital frauds are from China and Middle Eastern cyber gangs, totalling some $174 million of funds stolen since July 2019 through email scams alone.
For Levitas Capital, a Sydney based hedge fund, hackers found their way in through a Zoom invitation that allowed them access to the company’s email system and in particular, the director’s email account that could be used to communicate with the trustees and administrators to request funds. This is called ‘business email compromise’ and they are known to target companies that commonly use wire transfer for payments. The crime was intercepted before the $8.6 million worth of paid invoices were withdrawn from the bank, when a company director checked the internet banking account and noticed a suspicious transaction of $800,000, from 8 days before, that did not compute with previous transactions. A western Sydney bank account that was not known to the company was the recipient of the funds.
Unfortunately for Levitas Capital this cyberattack led their biggest client, Australian Catholic Super, to withdraw its managed funds immediately from the hedge fund upon learning of the cyber attack. Levitas was forced to close its doors 2 weeks ago.
The Levitas Capital directors have not yet communicated the fall-out however it should be noted that nowhere on their website or previous media interviews outlining their promising and well established skills in investment and reading market volatility, is there any mention of securing funds and protecting their investors. Where was the promise to instil security protocols that ensure the safety of client funds and data? Could they have supported technical departments and trained staff to be alert to security fraud? No company or directors thinks this kind of attack can or will happen to them, so it gives hackers easy targets with little to no digital resilience.
There is no technical director or chief security officer listed on the list of directors at Levitas Capital. For a company that was set up in 2013 and then strategically capitalised on market volatility by launching a managed fund, ARVIX in 2016, it is surprising that there were not better checks in place to avoid this kind of fraud. Especially considering that the AFP’s cyber crime unit have been on the heels of business to take stock of their cyber attack resilience in the wake of COVID-19 and changing work practices.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise includes Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.