Chinese Hackers Steal Millions in Wall Street Tech Firm Breach | Hacked: Hacking Finance
Hacked: Hacking Finance

Breaches

Chinese Hackers Steal Millions in Wall Street Tech Firm Breach

Posted on .

Chinese Hackers Steal Millions in Wall Street Tech Firm Breach

Introduction

This article was posted on Wednesday, 14:02, UTC.

A former commodities investor client of SS&C Technologies has sued the Wall Street technology firm for allegedly falling for a phishing scam by China hackers, according to CNBC last week.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Tillage Commodities Fund claimed SS&C Technologies wired almost $6m of its funds to the hackers back in March and the email scam has taken it offline temporarily. Tillage alleges SS&C Technologies, its fund administrator, ignored its own protocol, resulting in the lost funds.

Tillage stated in a lawsuit that staff at SS&C failed to “exercise even a modicum of care and responsibility in connection with known and obvious cybersecurity threats.”

Certainly for registered investment advisors, the SEC has made it clear that vendor due diligence is a top priority from a compliance perspective, says Eldon Sprickerhoff, the Founder and Chief Security Strategist at eSentire which manages cyber threat detection and response services. He described attacks to affect wire transfers, such as the one that targeted Tillage using an important third-party vendor as the phishing vector, as highly effective and one of the most common attack vectors used by threat actors today.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Sprickerhoff added: “Every vendor has a responsibility to protect their client’s data; every firm has an obligation to manage third-party due diligence to protect themselves from these sorts of data breaches. Hindsight might make one wonder how the firm’s employees could fall for the falsified emails in the first place, but the reality is that the hallmarks we notice when examining these types of emails are exactly the kinds of things that busy employees miss when they’re simply moving from one task to another, especially when they take for granted that an email they’re reading is seemingly coming from a trusted client or partner.

Learning these signs and triggers is something that can become muscle memory through regular cybersecurity training – it’s up to every organization to mandate and maintain a regular cadence around awareness training.”

According to the filed complaint, Sprickerhoff said what makes this case troublesome is that hackers targeting Tillage were able to successfully extort funds through one of the firm’s vendors by impersonating TCF emails and falsifying supposed TCF information which is a layer of complexity that makes it even easier to trick employees.

// -- Get exclusive consultation for as low as $249 per month on MoneyMakers.com -- //

He said: “Unfortunately, this is a poignant use case that demonstrates the sophistication and evolution of phishing attacks.

Like many other transaction breach cases we’ve seen this year, casual or lax authorization checkpoints can inadvertently greenlight these kinds of heists. It comes down to policy development and policy enforcement; it’s never been more important to evaluate and augment internal control measures.”

SS&C Technologies recently strengthened and enhanced fund administrator capabilities by acquiring Wells fargo Global fund services to add 250 headcount serving more than 130 fund relationships in US, UK, Singapore and Hong Kong.

Image from iStock/MilosJokic.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Olusegun Ogundeji

Olusegun Ogundeji

There are no comments.

View Comments (0) ...
Navigation
The team:
Dmitriy Lavrov
Analyst
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Founder
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
P.H. Madore
ICO Analyst
P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked’s sister site, CryptoCoinsNews, as Read More
Mate Csar
Analyst
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Justin O’Connell
Journalist
Justin O’Connell is a cryptocurrency journalist who works have appeared in the U.S.’s third largest weekly, the San Diego Reader & VICE. // -- Discuss and ask questions in our community Read More
Mati Greenspan
Analyst
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Analyst
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Journalist
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
  A security firm has published an advisory that warns…