Fraudsters Steal $46.7m From Ubiquiti Networks

Uploaded on 2015-08-21 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Internet Crime Complaint Centre (IC3)  warn  the invoice scam, known as the BEC scam (business email compromise), conned companies out of $214m in 2013 alone.

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million.

According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, they discovered that they have became a victim of a criminal fraud on June 5, 2015.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says.

Ubiquiti has been trying to recover the stolen money, and has so far managed to regain possession of $8.1 million, and believes it likely that they will recoup another $6.8 million. 

"The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with US federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation," they added.

The investigation by the Audit Committee of the company’s Board of Directors uncovered no evidence that the company's systems were breached or that corporate information was accessed. There's also no evidence that points to an employee being involved in the heist. 

While the company attempts to recover the stolen funds, they have also implemented "enhanced internal controls over financial reporting", and additional procedures and controls in order to prevent such a thing happening to them again. Naturally, they didn't publicly share what those procedures and controls are.

Brian Krebs thinks it likely that Ubiquity fell prey to the so-called Business E-mail Compromise (BEC) scam - a type of scam that FBI's Internet Crime Complaint Center (IC3) warned about earlier this year and that netted scammers nearly $215 million in 14 months.

The BEC scam can take several forms, but the result is the same: stolen funds.

Business can take steps to avoid becoming victims. First and foremost, they should start using 2-step verification for confirm significant transactions, but choose different environments for each step (e.g. one confirmation can be done via email, and the other via a phone call).

Other things that could help are not sharing company/employee data (such as job description) on the company's website, and being extra careful when there are sudden changes in business practices (e.g. a business contact switching from the company email to a personal one).

Net-Security

 

« When Your White Hat Is Really a Black Hat
Ad Block Software 'Costs Firms £14bn A Year' »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Cambray Solutions

Cambray Solutions

Cambray Solutions specializes in locating and securing technical professionals, managers, and executives.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Prove Identity

Prove Identity

Prove (formerly Payfone) is a leader in mobile & digital identity authentication for the connected world.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Winterhawk

Winterhawk

Winterhawk is a specialist and leading global Cyber, ESG, GRC, Risk & Identity consulting practice.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.

Neo Auth

Neo Auth

Neo Auth is an identity and access management solution to help organizations optimize their cybersecurity processes.