'Dumb, rich and insured': Hackers exploit Aussie firms' vulnerabilities

Severity: Medium (Score: 57.1)

Sources: Canberratimes.Au, Thesenior.Au

Summary

On May 7, 2026, Lance Rubin's financial firm, Model Citizn, was hacked through a forgotten employee account with administrative rights. The attackers diverted emails and sent fraudulent payment demands to 20,000 customers. Ethical hacker Bastien Treptel reported that Australian businesses are increasingly targeted by sophisticated criminal organizations, which operate like legitimate businesses. These hacking groups take turns targeting specific sectors, such as real estate and finance, and aim to keep profits below $7 million weekly to avoid police attention. The incident highlights a broader trend of increasing cyber threats against Australian firms, which are perceived as 'dumb, rich, and insured.' Following the breach, Model Citizn has improved its security protocols and conducts regular audits. The situation underscores the need for greater awareness and understanding of cybersecurity among businesses.

Key Points

  • Model Citizn was hacked via a forgotten employee account with admin rights.
  • Attackers sent fraudulent payment demands to 20,000 customers.
  • Australian businesses are increasingly targeted by sophisticated criminal organizations.

Key Entities

  • Australian Associated Press (company)
  • Australian Federal Police (company)
  • Eftsure (company)
  • Microsoft Indonesia (company)
  • Model Citizn (company)
  • Australia (country)
  • Indonesia (country)
  • Thailand (country)
  • Financial (industry)
  • Real Estate (industry)
  • T1078 - Valid Accounts (mitre_attack)