Our Blogs

Massive 46M Dollar Cyberheist

By August 12, 2015 No Comments

Scam Of The Week:

Massive 46M Dollar Cyberheist

Brian Krebs just reported on a massive 46M dollar Cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers. Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission. The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department. “This fraud resulted in transfers of funds aggregating 46.7 million dollars held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties,” Ubiquiti wrote. “As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered 8.1 million dollars of the amounts transferred.” Known variously as “CEO fraud,” and the “business email compromise,” the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. In January 2015, the FBI warned that cyber thieves stole nearly 215 million dollars from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees. In February, con artists made off with 17.2 million dollars from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so. Ubiquity didn’t disclose precisely how it was scammed, but CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. There is more detail and data about this cyberheist at Brian’s site: http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/ This is exactly the kind of thing that is prevented by effective security awareness training. The bad guys have a back door into your network; your employees. You can spend a large amount of money putting all kinds of security software in place and you should, but it can be all wasted if you don’t also train your employees and keep them on their toes with security top of mind. Find out how affordable this is today and be pleasantly surprised SecureNation can help with training from Wombat Security. Click here for more information.
knowbe4-logo-InfoCour
Share this on:
Share
Richard

Author Richard

Richard has been interested in the computer industry since high school and has worked in the field for the last 30 years. Richard has been a lead consultant for SecureNation for three years and he excels at quickly understanding new technologies and how they interact with existing installations. Richard is a native of Baton Rouge.

More posts by Richard