Australian hedge fund Levitas Capital suffered a cyberattack in September, resulting in the loss of over $8 million. The security breach was initiated by a fake Zoom invitation that cybercriminals sent to the fund. Michael Fagan and Michael Brookes, founders of Levitas Capital, accepted the invite by clicking on the malicious link, thus allowing the malware to infiltrate the company’s network.
As a result, the attackers were able to take over the email system and launch fraudulent invoices worth $8.7 million, which were all approved. The Australian Catholic Super, the fund’s largest institutional client, canceled a $16 million investment due to the cyberattack, forcing Levitas to shut down for good.
Fagan discovered the breach by chance on September 23 while checking the company’s Commonwealth Bank account. He saw that $1.2 million were transferred out to Unique Star Trading over a week earlier. Furthermore, the funds were transferred to an ANZ bank in the south-western Sydney suburb of Bankstown, a branch that Levitas Capital had never conducted business with. Fagan added that the invoices were very suspicious and that the trustee and the administrator (AET Corporate Trust and Apex, respectively) should have noticed something was wrong.
For instance, the attached invoice was directed to Levitas when it should have been addressed to the trustee, AET. Furthermore, the fund had no previous relationship with Unique Star. Administrator Apex contacted Fagan to confirm the transaction, but he said he would call back to confirm any payment because he was at the gym. He later emailed Apex, but the latter did not respond, and $1.2 million was transferred out that day. Levitas later found out that the cybercriminals sent a bogus email to the administrator to authorize the operation, as they had control over the fund’s email system.
This is the latest scam in a series of attacks that targeted Australian hedge funds, with NSW police investigating the matter. Cybersecurity experts revealed that threats against such firms have risen, as employees working from home cannot conduct robust checks.
Using anonymity tools like VPNs significantly reduces cybersecurity risks and protects your online privacy. Websites like Anonymania feature detailed VPN reviews and how-to guides, as well as tips on how to access geo-blocked content.
Interesting Related Article: “Has Covid-19 had an impact on VPNs and their usage?“