Though it may seem small, it is critical you update your Google browser often. It is believed that a simple Google Chrome flaw caused an Australian hedge to be breached and ultimately shut down.
Key Takeaways:
- The hedge fund attack on Levitas Capital started with a Zoom invite. Phishing emails during the pandemic skyrocketed, as attackers rushed to take advantage of the newly remote workforce and the tools they required to stay connected.
- The hackers often use automated programs to look for key terms in emails which may reveal who can authorize large money moves, when invoices are due, or when major money might be coming in. In this case, the hackers impersonated people at the firm in order to demand that $1.2 million be transferred to a specific account by reaching out to a third-party vendor called Apex.
- This is known as a Business Email Compromise (BEC) – when a business email has been hacked into to demand large sums of money.
- With BEC attacks, it doesn’t stop once a successful transaction has been made – the hackers tend to come back to demand more. For Levitas Capital, the hackers pretend to be the co-founder, Fagan.
- “A week after the first transaction, another fake invoice was wrongly authorised from the Levitas account. This time $2.5 million was sent to the Bank of China in Hong Kong to a company called Pavelin Limited… on the same day—September 22—the trustee received further instructions from the administrator to send $5 million to East Grand Trading at the United Overseas Bank in Singapore. The same red flags were evident on the invoice, but again, no verification calls were made. The money was approved for transfer.” – The Australian Financial Review
- Though the funds were immediately stopped, Levitas Capital still lost the initial $1.2 million and suffered major reputational loss. As a result of this, its largest investor pulled out and Levitas Capital collapsed.
Why it Matters:
- Keeping your browser updated is so simple – it’s even something Google usually does automatically – but that means it’s also easy to forget. Staying on top of updates can be the difference between your company’s safety and its downfall.
- A new version of Google Chrome comes out every six weeks, and security patches occur even more frequently than that, so it’s imperative that you make sure your browser is always up-to-date.
- First, access Chrome’s “About Google Chrome” page by clicking the three vertical dots in the top right corner, then hovering over “Help”, then clicking “About Google Chrome”. This will automatically check for and download any available updates.
- If an update is waiting to install, you will see an up arrow that can be one of three colors:
- Green – an update has been ready for two days
- Orange – an update has been ready for four days
- Red – an update has been ready for a week
- After installation is complete, you can then click “Relaunch” to finish updating or come back to the “About Google Chrome” tab later if you’re still working on some things on your computer.
- Afterward, you can verify that you’re using the latest version of Chrome by heading back to the “Help” page – it will tell you whether or not Chrome is up to date.
- Small items such as a browser update can feel too minuscule to actually make an impact, but it’s actually the opposite. All the little things make up a much larger cybersecurity picture that encompasses all of your data across the board.
- With a cybersecurity partner, you’ll never miss an update or alert regarding your organization’s wellbeing. The right firm will keep you posted on everything your company can do to protect itself, from the little things like Chrome updates to the big things like a major threat.
Resources:
- Source 1: https://www.secureworld.io/industry-news/hedge-fund-closes-after-bec-cyber-attac
- Source 2: https://www.howtogeek.com/412273/how-to-update-google-chrome/
- BW Secure: https://www.bwcyberservices.com/bw-secure/
- BW’s Vulnerability Assessment and Penetration Testing: https://www.bwcyberservices.com/services/penetration-testing/
- BW’s Enterprise / Custom Training & Phishing: https://www.bwcyberservices.com/services/training-phishing/
- BW’s Managed Detection and Response: https://www.bwcyberservices.com/services/managed-detection-response/
