This week The Australian Financial Review revealed Sydney-based hedge fund Levitas Capital was forced to close after a fake Zoom invitation was used to compromise the fund’s email system, leading it to pay three fake invoices worth $8.7 million before recovering some of the money.
Since then it’s been revealed $174 million has been stolen from Australian businesses via these scams in the last year and the Australian Federal Police have now formed a taskforce to tackle this crime.
Gilbert + Tobin partner Michael Williams said the Levitas attack demonstrated how even a “low-tech” compromise of a company’s systems could cripple a business.
“It’s not the kind of situation that was beyond anyone’s contemplation a couple of years ago, but it has happened and I think now what we’ve got to do is think about why it happened,” he said.
“What it flags is the need to think more about the systemic risks that we’re talking about here. Could the hedge fund have done more? Time will tell … but the question we should be asking is if that kind of scenario can easily occur, what is the most direct way to interfere with the steps that were taken by the threat actors in order to take the money.”
Mr Williams said the Levitas collapse was also an example of why using email authorisations for transactions and any big remittance of funds was an increasingly risky thing to do.
As well as not seeking revenge on the adversary, Transgrid chief information security officer Garry Bentlin said finding out who was behind an attack doesn’t even cross his mind.
“We’d go through our normal incident response process – isolate, clean it up and hand the evidence over to the correct authority. We’re not in the business of attribution,” he said.
“I think it’s very slippery to focus on attribution … unless it’s your craft.”
Instead, Professor Seebeck said, a company’s immediate priority should be determining the motive of an attack, since that can reveal other systems or data that could have been compromised and will shape the company’s response to the breach.
“Are they trying to deny access? That might lead you down one path. Are they trying to disrupt your business, or are they trying to destroy things? Trying to get into the issue about what their motives are … will inform the long-term.”
CISO Lens’ James Turner said companies such as Toll, BlueScope and Levitas were not unique and these attacks could have happened to any number of companies.
“Hope is not a strategy. You can’t just hope that it’s not going to happen to you.
“Crime is going up and your ability to withstand the attack is going down.”