Cybercrime poses a severe threat to the integrity and preservation of established and emerging investment firms. This article sheds light on the recent phishing scam that plundered the world’s largest sovereign wealth fund, Norfund.
The Norwegian Investment Fund, currently valued at over a trillion dollars, reported that hackers circumvented the fund into diverting a $10 million loan designated for a Cambodian microfinance institution. After infiltrating communications between Norfund and the borrowing organization, criminals hijacked the information exchange and distorted payment information to transfer the assets to an account in Mexico.
With the police investigation underway, details regarding the attack are still amassing. Various hypotheses point to a compromised network, business email compromise (BEC) scam, also known as CEO Fraud, or pwned workstations.
In a press release published by Norfund, CEO Tellef Thorleifsson recognized the grave incident and outlined the firm’s immediate plans to bolster security measures around operations and systems.
The conjunction of crime and greed fuels the $12 billion of losses attributed by the FBI to BEC incidents between October 2013 and May 2018. With minimal costs to cybercriminals and potentially staggering setbacks for institutions, BEC is a lucrative scam we forsee escalating throughout 2020 and beyond.
Peers within the investment industry should reflect on the Norfund incident to re-evaluate their current, or lack thereof, cybersecurity programs, and act swiftly. As motivated hackers trek onward to identify their next victims, one thing is evident; no business is immune to cybercrime’s jarring consequences.
Align’s Cybersecurity Advisory Practice was designed by investment industry veterans to address our clients’ unique needs and pain points. For information regarding these services, visit here or contact us.