An Australian hedge fund was forced to close after a cyberattack via Zoom in September led to mistaken approval of $8.7M in fraudulent invoices. Following news of the attack, the hedge fund’s largest institutional client withdrew its money, effectively leading to the fund’s closure.
How the attack worked
In the cyberattack, criminals issued a fake invitation to a Zoom video conference. Once accepted, the invitation planted malware on the recipient’s network that gave the attackers access to the hedge fund’s email system. Once inside, they fabricated multiple invoices from various sham firms and were likewise able to spoof the email approvals for payment.
How it was discovered
The attack was discovered when the fund’s co-founder noticed an unusual $1.2M payment to an unrecognized firm via a previously unused account. Soon after, an additional $2.5M invoice was sent to a previously unknown company in Hong Kong, and later a $5M payment was sent to a Singapore address. Following frantic calls, the co-founder was able to stop payment on many of the transfers, but not before more than $800,000 was withdrawn from several locations.
Missing steps in approval process
Beyond the effectiveness of the Zoom lure itself, the attack points to multiple payment control failures by the fund’s administrators and trustees that allowed the fraud to succeed. Despite multiple red flags on the invoicing (unrecognized firm, previously unused accounts, invoice addressed to the hedge fund rather than the trustee, categorization as a “capital call”), payments were still issued. The trustee did not pursue voice verification with the hedge fund’s managers, and when the fund administrator was unable to obtain verification by phone, the money was approved on the strength of a spoofed email. Voice approval was thus bypassed entirely.
The attack on this hedge fund indicates multiple areas of concern for hedge funds and for financial firms in general.
The attack highlights the need for:
- Continuous vigilance and training regarding Zoom and other video conferencing tools, particularly with regard to accepting invitations from unknown sources.
- Increased security protocols to protect firms that are more vulnerable during the move to remote work due to the pandemic.
- Proper checks and balances between funds, trustees, administrators, and indeed all parties prior to the release of funds. Red flags must be pursued. Proper voice verification is a must.
- Awareness of payment fraud techniques used by cybercriminals.
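The control failures described under “Missing steps in approval process” and the checks-and-balances point above can be expressed as a payment-release gate. The following is an added illustration, not code from the fund, its trustee or ACA Aponix: it scores an invoice against the four red flags named in the article (unrecognized payee, previously unused account, invoice addressed to the fund rather than the trustee, “capital call” categorization) and only releases a flagged or large payment when an out-of-band voice callback was made to a manager number that was already on file. An email approval, or a callback to a number supplied in the email itself, never counts. All payee names, account numbers, phone numbers and the $250,000 callback threshold are constructed sample values.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Set, Tuple


class Channel(Enum):
    EMAIL = "email"                    # spoofable once the mailbox is compromised
    VOICE_CALLBACK = "voice_callback"  # administrator dials out to a number on file


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    payee: str
    payee_account: str
    amount_usd: int
    addressed_to: str   # the trustee is expected here; anything else is a flag
    category: str       # e.g. "capital call", "management fee"


@dataclass(frozen=True)
class Approval:
    channel: Channel
    contact_used: Optional[str] = None  # number dialled for a voice callback


@dataclass(frozen=True)
class Controls:
    trustee_name: str
    known_payees: Set[str]
    used_accounts: Set[str]
    manager_phones_on_file: Set[str]   # recorded before any invoice arrived
    callback_threshold_usd: int        # every payment at/above this needs a callback


def red_flags(inv: Invoice, ctl: Controls) -> List[str]:
    """Return the red flags from the article that apply to this invoice."""
    flags = []
    if inv.payee not in ctl.known_payees:
        flags.append("unrecognized payee")
    if inv.payee_account not in ctl.used_accounts:
        flags.append("previously unused account")
    if inv.addressed_to != ctl.trustee_name:
        flags.append("invoice addressed to %r, not the trustee" % inv.addressed_to)
    if inv.category.strip().lower() == "capital call":
        flags.append('categorized as a "capital call"')
    return flags


def verified_out_of_band(appr: Approval, ctl: Controls) -> bool:
    """Only a voice callback to a number already on file counts as verification.
    Email approvals and callbacks to numbers taken from the email do not."""
    return (appr.channel is Channel.VOICE_CALLBACK
            and appr.contact_used in ctl.manager_phones_on_file)


def release_decision(inv: Invoice, appr: Approval, ctl: Controls) -> Tuple[bool, List[str]]:
    """(released?, reasons). Any red flag, or a large amount, requires a callback;
    without one the payment is held rather than approved on the strength of an email."""
    flags = red_flags(inv, ctl)
    needs_callback = bool(flags) or inv.amount_usd >= ctl.callback_threshold_usd
    if needs_callback and not verified_out_of_band(appr, ctl):
        return False, flags + ["no voice callback to a manager number on file"]
    return True, flags


# Constructed sample data (hypothetical names, accounts and numbers).
CONTROLS = Controls(
    trustee_name="Example Trustee Pty Ltd",
    known_payees={"Example Prime Broker"},
    used_accounts={"AU-000111"},
    manager_phones_on_file={"+61-2-0000-0001"},
    callback_threshold_usd=250_000,
)
SUSPECT = Invoice("INV-0001", "Unknown Holdings HK", "HK-999888", 1_200_000,
                  addressed_to="Example Hedge Fund", category="capital call")
ROUTINE = Invoice("INV-0002", "Example Prime Broker", "AU-000111", 50_000,
                  addressed_to="Example Trustee Pty Ltd", category="management fee")
EMAIL_ONLY = Approval(Channel.EMAIL)
CALLBACK_ON_FILE = Approval(Channel.VOICE_CALLBACK, "+61-2-0000-0001")
CALLBACK_TO_EMAIL_NUMBER = Approval(Channel.VOICE_CALLBACK, "+852-0000-9999")

if __name__ == "__main__":
    for label, inv, appr in [("suspect / email approval", SUSPECT, EMAIL_ONLY),
                             ("suspect / callback to number from email", SUSPECT, CALLBACK_TO_EMAIL_NUMBER),
                             ("suspect / callback to number on file", SUSPECT, CALLBACK_ON_FILE),
                             ("routine / email approval", ROUTINE, EMAIL_ONLY)]:
        released, reasons = release_decision(inv, appr, CONTROLS)
        print(f"{label}: {'RELEASE' if released else 'HOLD'} {reasons}")
```

The key design choice is that verification is something the administrator initiates, to contact details captured before the invoice existed; anything that arrives with the request (a reply email, a phone number in a signature block) is treated as attacker-controllable once the mailbox is compromised.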
How We Help
ACA Aponix offers the following solutions that can help firms enhance their cybersecurity and take necessary steps toward preventing the success of attacks similar to the one suffered by the Australian hedge fund.
- Phishing testing and cyber awareness
- Payment fraud and risk assessments
- Cybersecurity and technology risk assessments
- Cyber incident response planning
- Threat intelligence
If you have any questions, please contact your ACA Aponix consultant or email us at email@example.com.