Australian Financial Services Company is Sued for Repeatedly Being Hacked… and Doing Zero About It

The Australian Securities and Investments Commission (ASIC) is suing RI Advice Group for being hacked multiple times over a year’s time that includes 155 hours of undetected hacker activity.

Internet Hacking Security

If you are the victim of ransomware once, it’s probably inevitable. But if you’re a ransomware victim again, and then hacked on a third occasion, you’re probably not paying attention to the need to properly secure your environment.

According to a notice filed earlier this month in Australian federal court, RI Advice Group was the victim of two remote access-turned-ransomware attacks in December 2016 and May 2017, and a third successful attack on a server containing sensitive financial information and client identification documents in December of 2017. The last one’s the kicker: in a port-mortem analysis, it was determined there were nearly 28K logon attempts – none, of which, were detected – and the hacker stayed logged in using compromised credentials for a total of 155 hours over a period of months leaving behind cryptomining software, a peer-to-peer sharing application, hacking tools, and brute-force password-cracking software. To add insult to injury, a trojan malware attack also occurred in May of 2018.

This company either isn’t paying attention or doesn’t care about their cybersecurity stance.

Because RI Advice Group is a financial services firm, they are subject to the ASIC, who are suing them for failing to establish and maintain compliance measures that include security controls.

I write a lot about the monetary impacts cyber attacks have on organizations, such as paying ransoms. But it’s important to note that there are additional repercussions – like being sued for non-compliance – that can put an organization out of business.

Pay attention – and when the first cybersecurity incident happens, take note, do an analysis of your security controls, and take steps to implement stronger measures that will ensure you’re less vulnerable in the future.


Principal Owner, Marketing Firm

Bringing IT360 on as our technology services “department” was one of the smartest business decisions we’ve made. Over the years, we’ve tried various similar services and have also hired internal IT staff, and we’ve never felt confident that we were adequately supported. IT360 has changed all that. They not only provide proactive, comprehensive technical support and consulting, they engage with us in a way that feels like they are part of our company…a true business partner.

Principal Owner, Marketing Firm

Technology News

IT 360 News
BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up. In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest […]

Read more
IT 360 News
Thinking Skeptically About Smishing

Organizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees. “Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, […]

Read more