How did a mistake cause a loss of millions?

  • Writer: Aline Silva | PhishX
  • Jul 4
  • 5 min read

Cybersecurity is a subject that permeates our society, but it is not always treated with the priority it requires.


An example of this is how a single error of improper exposure of credentials paved the way for one of the largest cyberattacks ever recorded in Brazil so far and affected several organizations.


C&M Software, a company that is fundamental to the operation of the Brazilian Payment System (SPB) and Pix, was targeted by criminals who, using improper access, managed to move funds directly at the Central Bank.


This case exposes how, even in environments considered safe and supervised by regulatory agencies, human vulnerability and operational failures continue to be the weakest points in the protection chain.


But after all, how did a simple flaw allow criminals to directly access Central Bank resources and what does this case teach us about the invisible risks that surround even the most secure institutions?


Keep reading this text to understand how it all happened, who was affected, and why this story is a wake-up call for any organization that deals with data and digital transactions.


What happened in this multimillion-real attack?


The attack on C&M Software drew the attention of the financial market and the authorities for directly involving the Brazilian Payment System (SPB), one of the critical infrastructures for financial transactions in the country.


Cybercriminals used improperly accessed credentials to break into the company's systems and, from there, carried out unauthorized financial transactions, affecting reserve accounts held by institutions at the Central Bank.


According to initial investigations, the attack was sophisticated and targeted, taking advantage of vulnerabilities related to the control and use of access credentials, a factor that highlights the importance of security in permission management.


C&M Software is a company authorized and supervised by the Central Bank of Brazil and acts as a provider of messaging services, that is, it interconnects financial institutions to the Brazilian Payment System.


Its role is essential to operations such as interbank settlement and the functioning of Pix, the instant payment system that is already part of the daily routine of millions of Brazilians.


The institution is responsible for ensuring that financial messages between banks and the Central Bank are transmitted securely, quickly and accurately, thus becoming a vital link for the proper functioning of the national financial ecosystem.


With the invasion, criminals were able to access reserve accounts, which are held directly at the Central Bank by financial institutions and used exclusively for interbank operations, such as payment settlement.


These accounts are not linked to end customers, but represent essential resources for the financial balance between banks and for the continuity of transactions in the market.


The attack, therefore, did not affect consumers directly, but exposed a serious flaw in a layer where security should be maximum, putting the stability of the financial system at risk.


After the incident, C&M Software was disconnected from the environment by order of the Central Bank.


Brazilian authorities, including the Federal Police and the Directorate for the Repression of Cybercrimes, have launched an in-depth investigation to identify those responsible for the crime.


The case laid bare the importance of cybersecurity in critical environments and highlighted that, even under strict supervision and regulation, no organization is immune to human or technical failures when credential management does not receive attention.


What is the financial impact of the attack and its losses of millions?


The financial impact of the attack was immediate and worrying. The first investigations indicate that at least R$ 100 million were diverted from the reserve accounts of financial institutions.


Although the complete survey is still in progress, this amount alone represents one of the biggest financial losses caused by a cyberattack on the Brazilian banking sector.


The episode set off alarms throughout the financial system, reinforcing the need for more solid and continuous preventive measures.


An attack like this reveals how criminals can exploit specific flaws to reach deep and strategic layers of the financial system.


It is necessary to remember that more than a financial loss, the incident represents a warning about the need for constant vigilance and a cybersecurity culture that involves not only technology, but also processes and people.


What can we learn from this case?


This cyberattack brought to light valuable lessons about how digital security needs to go far beyond technology.


Even in critical and highly regulated environments, such as the financial system, failures in credential management and continuous surveillance can open dangerous breaches.


This incident demonstrates that protection against cyber threats depends not only on robust tools, but also on well-defined processes and a strong organizational culture, where all employees understand their role.


The importance of credential management


Improper credential management can open the door to irreparable damage, even in highly regulated environments such as the SPB.


The leakage or misuse of credentials is capable of breaking down technical and regulatory barriers, allowing criminals to reach critical environments and commit their crimes.


Therefore, it is essential that organizations adopt rigorous identity and access management practices, such as:


  • Use of multi-factor authentication;

  • Periodic rotation of passwords;

  • Principle of least privilege.


These measures ensure that each user has access only to what they really need. In addition to protecting credentials, continuous monitoring of environments is essential to detect anomalous activity before it causes damage.


Real-time monitoring tools, user behavior analysis, and automated alerts can help identify non-standard accesses and potential intrusion attempts.
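As an added illustration of the monitoring described above (this is example code, not PhishX's platform or anything from the C&M investigation), the snippet below builds a per-credential baseline from a constructed audit log of a messaging-service credential and flags uses that deviate from it: a new source address, activity outside business hours, or an amount far above what that credential has previously moved. The log format, the 08:00-19:00 business-hours window and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit log (not real data): timestamp, credential id, source IP,
# action, amount in BRL. The last-but-one line is the constructed anomaly.
SAMPLE_LOG = """\
2025-06-30T09:12:01 svc-msg-01 10.0.5.12 SEND_SETTLEMENT 120000
2025-06-30T10:45:33 svc-msg-01 10.0.5.12 SEND_SETTLEMENT 98000
2025-06-30T14:20:10 svc-msg-01 10.0.5.13 SEND_SETTLEMENT 150000
2025-07-01T03:17:09 svc-msg-01 203.0.113.77 SEND_SETTLEMENT 4000000
2025-07-01T11:02:44 svc-msg-01 10.0.5.12 SEND_SETTLEMENT 110000
"""

BUSINESS_HOURS = range(8, 19)  # assumed operating window for this credential


def parse(log_text):
    """Turn the constructed log lines into event dicts."""
    events = []
    for line in log_text.splitlines():
        ts, cred, ip, action, amount = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "cred": cred,
                       "ip": ip, "action": action, "amount": int(amount)})
    return events


def flag_anomalies(events, min_history=3, amount_factor=3):
    """Walk events in time order. Each event is compared with the baseline formed
    by the same credential's earlier events; only after min_history events is
    there enough history to judge. Returns a list of (event, reasons)."""
    history = defaultdict(list)
    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        past = history[e["cred"]]
        if len(past) >= min_history:
            reasons = []
            if e["ip"] not in {p["ip"] for p in past}:
                reasons.append("new source address")
            if e["ts"].hour not in BUSINESS_HOURS:
                reasons.append("outside business hours")
            if e["amount"] > amount_factor * max(p["amount"] for p in past):
                reasons.append("amount far above baseline")
            if reasons:
                findings.append((e, reasons))
        past.append(e)  # the event becomes part of the baseline either way
    return findings


if __name__ == "__main__":
    for event, reasons in flag_anomalies(parse(SAMPLE_LOG)):
        print(event["ts"], event["cred"], event["ip"], ", ".join(reasons))
```

In a real deployment the baseline would come from weeks of history and the alert would feed an on-call process that can block the credential, which is the point of the "before it causes damage" wording above.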


The Need for a Strong Cybersecurity Culture


Another point that this attack highlights is the importance of creating an organizational culture where security is not the exclusive responsibility of the technology team, but a commitment of all employees and partners.


Digital risk management needs to be part of the day-to-day life of institutions, from strategic processes to routine operations.


This includes frequent training, clear communication about cyber risks, and encouraging the adoption of good security practices by all professionals, regardless of the area in which they work.


When security is treated only as a technical obligation, human breaches end up going unnoticed.


Therefore, investing in awareness and strengthening the security culture helps reduce the risk of errors that can have devastating consequences. In today's digital world, protecting processes and people is just as important as protecting systems and data.


PhishX and its role in education and awareness


PhishX works to continuously raise people's awareness. Through educational campaigns, training, and phishing simulations, we prepare employees and partners to recognize fraud attempts.


With this, we teach how important it is that passwords and privileged access do not fall into the wrong hands.


Thanks to a practical and continuous approach, the platform transforms the behavior of teams, creating a culture of vigilance and digital accountability.


In addition to education, PhishX offers behavioral monitoring and reporting that allows institutions to identify human vulnerabilities and areas of greatest risk, allowing for preventative actions before an incident happens.


The platform also makes it easy to manage awareness campaigns, without the need for technical knowledge, making the process of involving the entire organization in security actions simpler.


All this in a scalable and adaptable way to the reality of different segments and sizes of companies.


In situations such as the one experienced by C&M Software, where the attack originated from the misuse of credentials, PhishX helps to minimize risks at their root, which is people.


After all, no technology is enough if those behind it are not prepared to recognize threats and act correctly.


In this way, creating a strong digital security culture is the most effective way to reduce human breaches and ensure that sophisticated attacks do not find open doors in organizations.


Strengthen your security culture and empower your team to identify and prevent attacks before they cause damage. Request a demo today and see how we can help your organization.


A digital security error can cause irreparable damage