‘Dumb, rich and insured’: hackers target Aussie firms

Lance Rubin considered himself lucky the day hackers broke into his business.

He told attendees at the On the Defense Live event in Brisbane on Thursday that email requests to his busy finance firm had ground to a halt, allowing him to catch up on work.

The first clue that something was wrong was an unexpected bill from one customer, followed by messages from other customers warning that their technology had been compromised.

“I started receiving text messages from people I trusted saying you were ‘hacked,'” he said.

“I said I didn’t send any emails, in fact I didn’t even receive any emails, this was the best day of my life.”

Criminals had found a way to break into Model Citizn’s email system using a forgotten employee account with administrative rights.

Using this access, hackers were able to forward all emails from the company and send their own emails to 20,000 customers, fraudulently requesting payments from them.

Mr. Rubin said the business has since re-established safety protocols and conducted regular inspections, but felt the need to share his story to warn other small- and medium-sized business operators.

“Society doesn’t really understand cybersecurity properly,” he said.

“If people understood how complex this is, they would be a little more open to hearing these stories.”

Ethical hacker Bastien Treptel told attendees Australian businesses were increasingly being targeted by sophisticated criminal syndicates.

A recent tour of foreign fraud centers with the Australian Federal Police revealed the gangs were operating as well-funded, legitimate businesses.

“If you look at satellite photos of these establishments, five years ago they were small huts, but now they have huge structures in Indonesia and Thailand,” he said.

“You’re talking about three-story buildings, 180-plus staff, HR managers, people who literally believe they work for Microsoft Indonesia.”

Hacking groups in turn target business types such as real estate agents and financial firms, and one hacker told Mr. Treptel that they were trying to keep profits below $7 million a week to avoid attracting police attention.

This is why groups have not yet used more damaging, artificially intelligent attack tools.

“Australia is targeted more than anywhere else because – his words not mine – we are stupid, rich and insured,” he said.

“It’s in its arsenal, ready to deploy the next wave, and we’re not ready.”

Eftsure chief executive David Higgins said attacks were also becoming more personal and daring and called on more businesses to share information about intrusions to help the industry defeat them.

“There was a $6 million startup that we blocked recently, and the scariest thing about it was that it wasn’t a small company,” he said.

“These scammers are getting bolder and will go after just about anyone.”