Private Equity firms stung for more than $1 million in organized cyber attacks

Updated on

Recent weeks and months have seen a surge in cyberattacks, perhaps due to the criminal fraternity staying indoors and working from home like the rest of us. However, this time they have been setting their sights beyond the elderly and the vulnerable.


Q1 2020 hedge fund letters, conferences and more

In fact, three UK Private Equity firms found themselves staring down losses of £1.1 million ($1.2 million) according to an investigation report recently made public by Check Point, a Cybersecurity firm based out of Tel Aviv. It is the culmination of what has been a sustained series of attacks on private fund managers over the past year or so.

Gone phishing

Check Point reported that three unnamed UK firms had been targeted by a hacker known as the Florentine Banker, using a scam that was frightening in its simplicity. The fraudster used a succession of fake emails and lookalike web domains in what was essentially a classic phishing scheme.

In December 2019, four attempts were made to wire the money to fraudulent bank accounts set up in the UK and Hong Kong. Around half the money was salvaged thanks to emergency intervention measures. The rest, however, appears to be gone forever.

A rising trend

Richard Horne is a partner at PwC who focuses on cybersecurity. He says there is a growing trend towards online criminal gangs setting their sites on financial institutions. Like the phishing emails against which we are forever warning our elderly loved ones, the criminals use the simple bait of an email containing a link that looks innocuous, trustworthy or both.

Click the link, however, and the recipient downloads malware or is perhaps duped into providing login information that then gives the criminals open access to company networks. In the case of the Florentine Banker, senior executives were typically targeted. In the first stage of the attack, all it took was to send emails to two such individuals.

One unwittingly provided login credentials, and the criminals had their foot in the door. From there, the attacks continued over a period of weeks, with each new successful target providing more information about the company and allowing the scammers to tighten their grip.

The perfect target

It is easy to assume that hackers would steer clear of financial institutions due to the controls that we can reasonably expect to be in place. However, the prize is seen to be worth the price according to Maten Ben David, a Check Point analyst. He stated in his report that private equity and venture capital businesses are “the perfect target” due to their routine involvement in significant money transfers.

Cybersecurity is a high priority and a 2018 survey by PwC showed that 41 percent of analysts and investors worry about being a victim of cybercrime and cyberattacks. Especially considering that a recent report by PrivacyAffairs revealed that cyberattacks have increased by 440% over the last 10 years.

This made it the largest business risk, up from fifth in 2017. The latest events show that there is always more to do and standing still is no way to stay a step ahead of the fraudsters.