Retirement funds breached as crims target brokers' un-patched Windows machines

Why breach a bank when you can target a laptop running torrents and games?

ACSC 2016 Australians are having their retirement savings accounts drained as hackers move to breach broker platforms rather than the tougher target that is banking infrastructure.

The Australian Federal Police AFP are investigating a spike in breaches against devices used by brokers who administer boutique, "self-managed" superannuation funds. Some brokers manage hundreds of such funds, a service that helps investors who think they can do better by picking their own retirement savings-boosters instead of relying on a larger fund.

Self-managing a fund may be financially prudent. But the AFP warns that service providers are not as security-savvy as large superannuation funds.

“Some of these brokers are running Bittorrent, Counterstrike, and then logging into broker software and managing hundreds of accounts,” Australian Federal Police cybercrime team leader Scott Mellis told The Register.

The easy target that is a poorly-managed PC means criminals have “tried their trojans and are now moving away from targeting banks,” Mellis added.

Mellis says breached brokers have fixed their poor security postures after being notified by the Federal Police.

Australians can withdraw superannuation funds before the age of 55 only under limited circumstances.

The Australian Securities and Investments Commission says scammers exploit this allowance by using stolen identity credentials to set up self-managed super funds where balances and be transferred and then withdrawn.

Victims may have little recourse if their accounts are drained. ®

Biting the hand that feeds IT © 1998–2021