.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: The Florentine Banker
Apr 24, 2020 11:34:56 AM
The target: Three large UK and Israeli-based Private Equity firms, among others, were targeted by an organized criminal enterprise dubbed ‘The Florentine Banker’ by security researchers.
The take: 1.1M GBP, transferred to fraudulent bank accounts – only half of which was able to be recovered.
The attack vector: The unnamed victims were targeted with a prolonged business e-mail compromise attack, where targeted phishing e-mails were sent to various employees, until eventually, attackers had access to multiple e-mail accounts. Over time, the attackers reviewed correspondence in these accounts to compile an overview of the structure of the firms, relationships with outside parties, and gained an understanding of the channels and procedures used to move money. From there, they added mailbox rules to redirect messages pertaining to wire transfers, and interjected themselves into those conversations using look-alike domains in order to intercept and redirect funds.
This story highlights the vital importance of compensatory controls and secondary validation steps around critical actions like transfer of cash (voice/video confirmation of the details of an e-mail request, for example). Furthermore, incidents like these serve to highlight the necessity of enabling (and enforcing) two-factor authentication on e-mail accounts and rigorous social engineering training and testing of staff to help prevent compromise. Ultimately, firms must nurture a culture of critical thought and encourage employees to question requests or actions which seem out-of-the-ordinary.
