Email demands to the busy financial firm had ground to a halt, letting him catch up on work, he told attendees at the On the Defense Live event in Brisbane on Thursday.
His first clue something had gone amiss was an unexpected invoice from a client, followed by messages from other customers who warned his technology had been compromised.
"I started getting text messages that 'you've been hacked' from people that I trust," he said.
"I said I have not sent any emails, in fact I haven't even received any emails, it's been the greatest day of my life."
Criminals had found a way to break into Model Citizn's email system using a forgotten employee account with administrative rights.
Using this access, hackers were able to divert all emails from the company and send their own to 20,000 customers, fraudulently demanding payment from them.
The business has since rebuilt its security protocols and conducts regular audits, Mr Rubin said, but he felt compelled to share his story to warn other small and medium-sized business operators.
"Society doesn't really understand cybersecurity properly," he said.
"If people understood how sophisticated it was, they'd be a bit more open to hearing about those stories."
Australian businesses are increasingly targeted by sophisticated criminal organisations, ethical hacker Bastien Treptel told attendees.
His recent tour of foreign scam centres with the Australian Federal Police revealed gangs were operating like well-funded, legitimate businesses.
"If you look at the satellite photos of these organisations, five years ago they were little huts but now (in) Indonesia, Thailand, they've got massive compounds," he said.
"You're talking three-storey buildings, 180 staff-plus, HR managers, people who literally believe that they work for Microsoft Indonesia."
Hacking groups take turns targeting business types, such as real estate agents and financial firms, and one hacker told Mr Treptel they tried to keep profits below $US7 million a week to avoid police attention.
It is the reason why the groups are yet to deploy more damaging, artificially intelligent attack tools.
"Australia is targeted more than anywhere else because – his words not mine – we are dumb, rich and insured," he said.
"In his arsenal, he is ready to deploy the next wave, and we aren't ready."
Attacks were also becoming more personalised and audacious, Eftsure chief executive David Higgins said, and he urged more businesses to share information about break-ins to help the industry defeat them.
"We had a $6 million attempt that we thwarted recently and the scariest thing about that one was this was not a small company," he said.
"These fraudsters are just getting a lot more daring and they will come after pretty much anyone."
9°C