FIIG Securities, Australia’s largest fixed income specialist with over 6,000 investors and $5 billion of funds under advice, has fallen victim to a cyber attack after an unauthorized third party successfully breached its IT systems.
ALPHV/BlackCat, a notorious ransomware group, has claimed responsibility for the cyber attack on FIIG Securities. In a post on the dark web, the threat actor revealed that they had stolen around 385 GB of data from FIIG Securities’ main server.
ALPHV further warned the company, stating that they had three days to establish contact and make decisions regarding the consequences of this “pity mistake” committed by the company’s IT department.
The Australian authorities have promptly responded to the FIIG Securities breach, initiating their cyber response strategy in collaboration with expert third-party cybersecurity professionals and isolating the affected systems.
Explaining the cyber attack on FIIG Securities
The cyber attack on FIIG Securities resulted in a massive data breach, encompassing a wide range of sensitive information, including employees’ personal data such as CVs, driver’s licenses, identification documents, Social Security numbers, financial reports, accounting data, loan data, insurance records, and agreements.
The compromised database also contains clients’ documentation, including driver’s licenses, identification documents, Social Security numbers, financial data, credit card information, loan data, agreements, and other confidential details. The breach includes project files, plans, and other commercially sensitive information.
FIIG Securities, a trusted name in the financial services sector since 1998, manages an impressive $5 billion in funds and boasts a clientele of 6,000 private individuals. With offices in Melbourne, Sydney, Brisbane, and Perth, the company employs over 100 dedicated professionals.
In response to the cyber attack on FIIG Securities, a spokesperson for FIIG Securities emphasized the firm’s proactive approach in partnership with relevant authorities to ensure compliance with all necessary requirements and to safeguard the security and privacy of the compromised data.
The spokesperson stressed that data protection remains their utmost priority and that they are taking the incident very seriously, the Australian Broadcasting Corporation reported.
Efforts are underway to promptly notify all stakeholders about the breach, demonstrating FIIG’s commitment to responsible data management.
Increasing targeted attacks on the financial sector
In recent years, the financial services sector has consistently remained a prime target for cyber attacks.
According to a report by Imperva, these attacks have witnessed a notable surge, with malicious actors setting their sights on the sector for various reasons including the potential for substantial financial gains, access to critical data, and valuable information that can be resold.
Furthermore, as connectivity and technological advancements continue to evolve, the threat landscape has expanded, amplifying the sector’s vulnerability to such attacks.
Given the frequency of security compromises resulting from errors and mistakes, it is imperative to adopt measures to protect against such incidents.
Whether occurring within the confines of an office or remotely, the involvement of employees and contractors in malicious activities represents a significant security risk.
Organizations must enhance their processes, cultivate the necessary expertise among personnel, and invest in advanced technologies as integral components of their defense strategy. Inculcating cyber awareness through training programs for end users and the entire team will also effectively foster robust cyber practices.
Cyber attack on FIIG and the ALPHV hitlist
FIIG Securities is the latest target of the ALPHV/BlackCat ransomware group, which is notable for being the first known ransomware written in Rust.
To gain initial access to the targeted systems, the ransomware gang utilizes compromised credentials obtained from previous security breaches. Once inside, the malware compromises both user and administrator accounts in the Active Directory.
According to an FBI Flash alert regarding the ransomware group, the malware employs Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) for deploying the ransomware. In the initial stages, PowerShell scripts and Cobalt Strike are used together to disable security features within the victim’s network.
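A defender can hunt for the behaviours described above by correlating Windows events per account: scheduled task creation (event ID 4698), Group Policy object changes (5136) and PowerShell script blocks that turn off Microsoft Defender settings (4104). The sketch below is an added example, not taken from the FBI alert or the original report; the export format, field names, accounts and timestamps are constructed, and it assumes the relevant auditing and script block logging are enabled.

```python
from datetime import datetime, timedelta

# Constructed sample events, shaped like a JSON export of Windows logs.
# Field names (time, event_id, account, data) are assumptions for this example.
SAMPLE_EVENTS = [
    {"time": "2023-06-01T02:10:00", "event_id": 4104, "account": "CORP\\svc-backup",
     "data": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"time": "2023-06-01T02:14:00", "event_id": 4698, "account": "CORP\\svc-backup",
     "data": "TaskName=\\Updater"},
    {"time": "2023-06-01T02:20:00", "event_id": 5136, "account": "CORP\\svc-backup",
     "data": "ObjectClass=groupPolicyContainer"},
    {"time": "2023-06-01T09:00:00", "event_id": 5136, "account": "CORP\\gpo-admin",
     "data": "ObjectClass=groupPolicyContainer"},
    {"time": "2023-06-01T11:30:00", "event_id": 4698, "account": "CORP\\helpdesk",
     "data": "TaskName=\\DiskCleanup"},
]

def classify(event):
    """Map one event to a signal name, or None if it is not of interest."""
    eid, data = event["event_id"], event["data"].lower()
    if eid == 4698:                                     # Security log: scheduled task created
        return "task_created"
    if eid == 5136 and "grouppolicycontainer" in data:  # Security log: GPO object modified
        return "gpo_modified"
    if eid == 4104 and "set-mppreference" in data and "-disable" in data:
        return "defender_tampering"                     # PowerShell script block logging
    return None

def correlate(events, window=timedelta(minutes=30), min_signals=2):
    """Return {account: sorted signals} where distinct signals cluster within `window`."""
    by_account = {}
    for ev in events:
        signal = classify(ev)
        if signal:
            ts = datetime.fromisoformat(ev["time"])
            by_account.setdefault(ev["account"], []).append((ts, signal))
    alerts = {}
    for account, hits in by_account.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {s for t, s in hits[i:] if t - start <= window}
            if len(seen) >= min_signals and len(seen) > len(alerts.get(account, [])):
                alerts[account] = sorted(seen)
    return alerts

if __name__ == "__main__":
    for account, signals in correlate(SAMPLE_EVENTS).items():
        print(account, signals)
```

A single task creation or GPO edit is routine administration; the alert fires only when several of these signals come from the same account in a short window.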
Following the Flash alert, the Center for Internet Security reported an increase in BlackCat activity, as observed by the MS-ISAC, an organization dedicated to monitoring and analyzing cyber threats.
The incident involving FIIG Securities came to light when an employee reported being locked out of their email account, and a password reset failed to resolve the issue. Further investigation revealed that the attacker had also encrypted files and wiped the organization’s backups.
Although the organization managed to restore the domain controllers and a few servers, other data could not be recovered. During an internal investigation, it was discovered that the BlackCat group was likely responsible for the attack, as stated in the CIS report.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.