High-net-worth families and family offices are attractive targets for cybercriminals, as many of these offices lack sophisticated—or even basic—security infrastructures. It’s even more devastating when hackers target a family office with a global reach.
Given how easy it is to target these victims and their attractive profiles, cybercriminals’ attacks have become more specific and sophisticated (as well as more numerous). The wealthy are particularly vulnerable to so-called “phishing” and “spear-phishing” attacks.
Ransomware
This software locks up a computer or network, and attackers using it send a message to the victims, saying they’ll refuse to release the affected devices until a ransom is paid. The most common types of ransomware encrypt the data stored on the victim’s network. The encryption can only be undone by the use of a unique computer code “key,” which the perpetrators provide after being paid a ransom (usually in cryptocurrency, such as bitcoin). Sometimes the perpetrators (who are known as “threat actors” in the law enforcement and legal communities) will remove the data from the affected systems before encrypting it and threaten to release it publicly or sell it on the dark web.
Oftentimes, this data has been specifically sought out and stolen by the threat actors well before the computer systems are locked and the ransom demanded, sometimes months before. This is clear evidence of the sophistication and planning behind such crimes.
Cybercriminals single out family offices and the wealthy with these types of attack for several reasons. These offices lack the kinds of sophisticated information security used by major corporations (the family offices might not initially believe their data is tempting to malefactors). Yet the victims often have financial information that would cause major problems if revealed publicly or sold to criminals. The attackers might also search for embarrassing or private information about the individual or family, especially if the computers or networks are used for both personal and office business, and demand payment to keep from publicizing such information.
Go Phish
“Phishing” is a form of cybercrime that gets its name from the way in which the criminals set out “bait” (often in the form of faked or spoofed emails) and hope someone clicks on a link or follows instructions they shouldn’t. The user gets “caught” by following the steps—and then infecting their network. Some phishing emails are generic and imitate communications from a common internet provider or retailer. A malicious link might download a virus onto the computer of the person who clicked on it. In other cases, the links could lead to a spoofed web page or website, which tries to trick unwary users into entering credit card or banking information.
Spear-Phishing
“Spear-phishing” is more targeted. In this sort of cyberattack, a threat actor sends a specific, fake email, often with sophisticated masking or spoofing that makes it appear to be from a person and email address the victim knows. Sometimes the actors have infiltrated the email systems of a target long before they launch the attack and have read and studied the language and diction of the person they are trying to imitate. These attackers will then take personal details about their victim gleaned from earlier communications and discuss imminent transactions in order to supply fake wiring or routing instructions.
Criminals using this approach have successfully stolen hundreds of millions of dollars in recent years. It is easy to see how family offices and high-net-worth individuals in particular would be attractive targets for sophisticated spear-phishing attacks, since their operations often follow fewer bureaucratic procedures and less often internally verify their communications than people do in the corporate world.
What’s At Stake
It’s obvious what’s at stake from such attacks. If you’re the victim of ransomware and choose not to pay (and sometimes even if you do), your computer systems may not function for days. The data that was encrypted may be damaged or destroyed even if it is restored. Ransoms can run into the millions of dollars, depending on the size of the attack and the value of the target (you’ll likely need to secure some bitcoin).
Also, remember that it’s an international problem: Ransomware is almost always a cross-border crime. The computer programs that enable the attacks are bought and sold by criminals on the black market online, and the perpetrators themselves are often located in unfriendly jurisdictions. The FBI and Europol (in the EU) are following the problem and can resolve some attacks, but the ability of any law enforcement agency to reach these threat actors in person is limited not just by the fact that the crimes happened on the internet, but also by the difficulty of asserting jurisdiction in many of the countries where the threat actors choose to locate.