
Microsoft 365 Hackers Steal Millions from 3 Private Equity Firms

Last week, three private equity firms made headlines when a Microsoft 365 hack cost them a collective $1.3 million. Only half of that sum has been recovered. A team of hackers, dubbed the “Florentine Banker,” had – as reported by Forbes – been “stalking private equity firms, monitoring internal systems, diverting emails, hijacking relationships, interpreting and even initiating wire transfers to steal millions of dollars from multiple organizations.”


The Florentine Banker snuck its way into the firms’ systems, where it hid, collecting data, until it knew the companies inside and out. Then it struck, making off with large sums before anyone was the wiser. We’d like to say we were surprised, but we can’t. This sort of thing happens constantly and the costs can be far higher than bad press and $1.3 million split three ways.
 
The problem isn’t that these companies aren’t careful. These are firms made up of smart people who use their security tools as well as they can to protect themselves and their clients. They regulate employee cyber hygiene, they have strict policies around confidentiality, and they employ IT teams to keep them safe. The problem lies with the very strategies they use to protect themselves.
 

Phishing email example from Check Point

Legacy cybersecurity systems focus on building taller and taller walls to keep attackers out. These walls may be effective 99 times out of 100, but they require constant vigilance, leave no room for human error, and demand the ability to anticipate every attacker’s next move. That’s an impossible ask. The one time the walls aren’t effective is all it takes to find yourself in the press, short a million plus, and dealing with investors’ loss of confidence.
 
People tend to think that the only information to be cautious about is the particulars of financial moves or investment strategies. This most recent hack shows that anything can be enough for hackers to get a toehold. “They [the hackers] had to learn the nature of a company, spot the relevant threads, purchase lookalike domains, impersonate both sides, establish relevant bank accounts, make the transaction, maintain mules to withdraw the money,” said Check Point’s Lotem Finkelsteen. It started with the Florentine Banker spying on seemingly innocuous communications, and it ended with them successfully socially engineering transfers of over a million dollars out of the firms’ coffers and into their own.


Don’t run yourself ragged building taller and taller walls around your data, when that strategy doesn’t guarantee that your firm won’t be the next to be stalked and robbed. Use modern technology that keeps you safe even when someone on your team makes a poor judgment call, your server is breached, or the best of the best hackers are after you. There are better solutions out there.

 
PreVeil provides secure communications for enterprises. Using end-to-end encryption, cryptographic keys, approval groups, and trusted communities, PreVeil keeps your data safe no matter who the attacker is or what their strategy is. Here’s how.
 

End-to-end encryption encrypts your data at every point in transit and at rest, including on the server, so an attacker sitting in the mail path cannot read along. No one but the sender and the recipient of a message can see what has been sent, not even the service provider. If the server is breached, the attacker sees nothing but ciphertext.
 


Passwordless authentication with cryptographic keys eliminates the threat passwords pose to security. Passwords can be lost, stolen, shared, or guessed. Cryptographic keys are long random values stored on your physical device; guessing one is computationally infeasible with any foreseeable hardware. Short of stealing or compromising your physical device, an attacker won’t be able to break into your account.
 
Approval groups eliminate the single point of failure that a traditional all-powerful admin poses to systems. Using the same strategy used to secure nuclear launch codes, approval groups require all members of a preselected group of individuals to combine their cryptographic key shares in order to carry out privileged actions, like accessing corporate data en masse. No single member, and no single stolen device, can do it alone.
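To make the approval-group idea concrete, here is an added example (not PreVeil’s code) of a k-of-n quorum built on Shamir secret sharing: the master key that unlocks bulk data access is split into n shares, any k approvers can reconstruct it, and k-1 cannot. It generalizes the page’s “all members” rule, which is the special case k == n. The HMAC “authorization tag” and the five-approver scenario are assumptions made for the demo.

```python
# Added example (not PreVeil's code): a k-of-n approval group built on
# Shamir secret sharing. The master key is split into n shares; any k of
# them reconstruct it, fewer than k learn nothing. k == n is the page's
# "all members must approve" rule.
import hashlib
import hmac
import secrets

PRIME = 2**127 - 1  # Mersenne prime; all share arithmetic is in GF(PRIME)


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the shares at x = 0. With fewer than k shares
    the result is an unrelated field element, not the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def authorize(shares, action):
    """Reconstruct the master key from the approvers' shares and use it to
    authorize `action`. An HMAC tag stands in for unwrapping the real data
    key (a demo assumption); a wrong key yields a tag that will not match."""
    key = recover_secret(shares).to_bytes(16, "big")
    return hmac.new(key, action, hashlib.sha256).hexdigest()


def demo(k=3, n=5):
    """Constructed scenario: 5 approvers, any 3 may unlock a bulk export."""
    action = b"export-all-data"
    master = secrets.randbelow(PRIME)
    expected = hmac.new(master.to_bytes(16, "big"), action,
                        hashlib.sha256).hexdigest()
    shares = split_secret(master, k, n)
    return {
        "first_three_ok": authorize(shares[:3], action) == expected,
        "any_three_ok": authorize([shares[0], shares[2], shares[4]],
                                  action) == expected,
        "two_rejected": authorize(shares[:2], action) != expected,
        "all_five_ok": authorize(shares, action) == expected,
    }


if __name__ == "__main__":
    print(demo())
```

Note that `recover_secret` never reports “not enough shares”: an undersized quorum simply produces a wrong key, so the privileged operation fails at the point where the key is used. That is the property you want, since a server holding the shares cannot tell a valid quorum from an invalid one without the approvers’ cooperation.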
 
Finally, trusted communities eliminate the threat of impersonation-based phishing and social engineering. In a trusted community everyone in the conversation is cryptographically verified to be who they claim to be, so you don’t have to watch out for slightly-off domain addresses or worry about fraudulent money transfer requests from a stranger posing as a colleague. They won’t get through to you. The hack that affected these three private equity firms would not have been possible.
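The following added example (not PreVeil’s code) shows the shape of that check: each member’s public key is pinned in a directory when they join, and a message is shown as genuinely from a sender only if the claimed sender is in the directory and the message signature verifies under that sender’s pinned key. The lookalike domain, the CFO address, and the wire-request texts are constructed for the demo, and hash-based Lamport one-time signatures (Python stdlib only) stand in for whatever real signature scheme a product would use; that substitution is an assumption.

```python
# Added example (not PreVeil's code): a trusted-community check turns
# "is this really the CFO?" into a key check instead of a domain-spelling
# check. Lamport one-time signatures stand in for the real scheme.
import hashlib
import hmac
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def _bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen():
    """Lamport key pair: 256 pairs of random preimages; the public key is
    their hashes. One-time: never sign two messages with the same key."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, message):
    """Reveal, for each bit of H(message), the matching preimage."""
    return [sk[i][bit] for i, bit in enumerate(_bits(_h(message)))]


def verify(pk, message, signature):
    """Every revealed preimage must hash to the pinned value for that bit."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(_h(message))):
        ok &= hmac.compare_digest(_h(signature[i]), pk[i][bit])
    return ok


def accept(community, sender, message, signature):
    """Decide whether to present `message` as genuinely from `sender`.
    `community` maps member identity -> public key pinned at enrollment."""
    if sender not in community:
        return False, "sender is not a member of the trusted community"
    if not verify(community[sender], message, signature):
        return False, "signature does not verify under the sender's pinned key"
    return True, "accepted"


def demo():
    """Constructed scenario: the real CFO, and an attacker who registered a
    lookalike domain and also tries to spoof the CFO's exact address."""
    cfo_sk, cfo_pk = keygen()
    attacker_sk, _ = keygen()
    community = {"cfo@fund.example": cfo_pk}  # pinned when the CFO enrolled
    wire = b"Please wire $400,000 per the attached instructions"
    attacker_wire = b"Please wire $400,000 to the NEW account below"
    genuine_sig = sign(cfo_sk, wire)
    attacker_sig = sign(attacker_sk, attacker_wire)
    return {
        "genuine": accept(community, "cfo@fund.example",
                          wire, genuine_sig)[0],
        "lookalike_domain": accept(community, "cfo@fund-example.com",
                                   attacker_wire, attacker_sig)[0],
        "spoofed_address": accept(community, "cfo@fund.example",
                                  attacker_wire, attacker_sig)[0],
        "tampered_in_transit": accept(community, "cfo@fund.example",
                                      wire + b" (updated)", genuine_sig)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the example is what is absent: there is no list of suspicious domains and no similarity heuristic. The lookalike address fails because it was never enrolled, and the spoofed address fails because the attacker does not hold the key that was pinned for it. A tampered message fails too, because the signature covers the message body.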
 
Hacks like the one used by Florentine Banker are not going to stop. Check Point noted that this is but the tip of the iceberg:

“We believe this is evidence that the group is marking additional targets”

It’s essential that financial firms use communication systems that provide certainty of who you’re communicating with, certainty that no data is tampered with in transit or on the server, and certainty that all data is shared and stored privately and securely. With legacy systems, you are set up to fail sooner or later. Hackers’ surveillance, social engineering and scams can be incredibly sophisticated and, given enough time, you too will fall victim.
 
When there are corporate reputations and millions of dollars at stake, don’t settle with your security. Learn more about how easy PreVeil makes effective modern cybersecurity.