Hackers Steal $50 Million From Leading Aviation Design Company

The aviation industry is a privileged target for hackers who are interested in the intellectual property of many companies in the sector. A cyber security incident could have serious effects on the business continuity of any company and a significant financial impact.

FACC AG, a leading Austrian engineering company that designs parts for Airbus and Boeing has suffered just such an event.

Hackers who targeted the FACC managed to steal roughly 50 million euros as confirmed in the official statement issued by the company on January 19th:

“Today, it became evident that FACC AG has become a victim of a crime act using communication- an information technologies. The management board has immediately involved the Austrian Criminal Investigation Department and engaged a forensic investigation. The correct amount of damage is under review. The damage can amount to roughly EUR 50 million. The cyberattack activities were executed from outside of the company.”

A subsequent update, issued by FACC AG, offered more details of the cyber attack and confirmed the losses of more than 50 million euros. The experts at the company confirmed that the cyber attack was launched from outside and involved communication and information technologies.

According to the company, the operational business was not affected by the cyber attack.

“2016 FACC AG announced that it became a victim of fraudulent activities involving communication- an information technologies. To the current state of the forensic and criminal investigations, the financial accounting department of FACC Operations GmbH was the target of cyber fraud,” states the FACC.

“FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. The damage is an outflow of approx. EUR 50 million of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims.”

According to the experts and analyzing the official statement published by the company, threat actors conducted a Business Email Compromise (BEC) scam against the internal personnel.

Exactly one year ago IC3 and FBI warned about a significant increase of cases related to Business Email Compromise, nearly 2,000 individuals were victims of a wire payment scam.

The Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-E-mail Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam.” reports the statement.

The fraud scheme is very simple, busy employees received a request to transfer funds by representatives of high management of their company.

It is clear that businesses and personnel using open source e-mail are most targeted by Business Email Compromise, in many cases the criminals spoofed e-mails of individuals within enterprises who are entitled to submit such payment requests.

Individuals responsible for handling wire transfers within a specific company are privileged targets of criminals, which compose well-worded e-mail requests for a wire transfer.

The attacker behind Business Email Compromise scams shows a deep knowledge of their victims and their requests are proportional to the economic capabilities of the target, and of the specific individual used as the sender of the request. The criminals sent e-mails concurrently with business travel dates for executives whose e-mails were spoofed.

Security Affairs

 

« Will Robots Save The Future Of Work?
Experts Say Australia Is Ill-equipped For Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Federal Office For Information Security (BSI)

Federal Office For Information Security (BSI)

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Odix

Odix

Odix security software neutralizes file embedded targeted cyber attacks before they enter your organization’s network.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Cyscale

Cyscale

Cyscale is a consultancy and development agency helping Enterprises adopt and migrate to the Cloud by providing an Automated Cloud Security Platform.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Wispero

Wispero

Wispero edge and cloud security service continuously safeguards wireless IoT devices and data privacy in real time.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Omniscope

Omniscope

Omniscope is a a digital threat intelligence and investigations company specialising in open-source intelligence to protect you and your business.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.