Leoni AG, Europe's biggest manufacturer of wires and electrical cables, has announced losses of £34 million ($44.6 million) following a whaling attack that tricked finance staff into transferring money to the wrong bank account.
The incident took place on August 12th, and the company announced it publicly on August 16. Upon announcement, the company's shares dropped between 5 and 7 percent.
Few details on the loss were shared when the incident had occurred in August other than Leoni AG announcing that they had launched an investigation into the matter.
Leoni AG also reassured investors that the company's financial situation had not been affected by the sudden loss of capital.
However, new details have come to light about the incident in the Romanian press, who revealed yesterday that the scam took place at Leoni's factory based in Bistrita, Romania.
According to authorities, the CFO at the factory was the target of the scam. She received an email spoofed to look like it came from one of the company's top German executives.
Investigators have said the email was crafted in such a way to take into account Leoni's internal procedures for approving and transferring funds. This detail shows that attackers scouted the firm in advance.
The Bistrita factory may not have been chosen at random either. Leoni has four factories in Romania, and the Bistrita branch is the only one authorised to make money transfers.
Leoni AG is now working with local police, and Romania's top investigaters in the DIICOT (Directorate for Investigating Organised Crime and Terrorism) division.
John Wilson, chief technology officer at Agari, told SCMagazineUK.com: “The Leoni AG incident is the perfect example of how effective a well-crafted Business Email Compromise (BEC) attack is. The cyber criminals behind it clearly did their homework and knew exactly who to target and what approach to take. We have seen an increasingly large number of attacks using this tactic, often impersonating vendors that the target is known to do business with, or referencing an event they recently attended. As advancing security technology makes other vectors more difficult, many cyber criminals are turning to low-volume BEC because it's still incredibly effective. As a result, earlier this year the FBI reported that BEC attacks have increased by more than 270 per cent. Most organisations falsely believe they are protected by malicious emails by their spam filters and other security measures.”
Wilson continued: “However, Agari research found that 85 per cent of these attacks are completely invisible to the standard security tools relied on by most companies. Spear phishing emails like the Leoni AG attack which perfectly mimic a real email address with a payment request are undetectable by spam filters because there are no links, attachments, or language triggers to trigger them. Organisations need to be armed with the ability to identify the authenticity of all incoming emails, allowing only those messages that are confirmed to be from trusted senders to reach their destination. All emails should be assessed for potential threat and confirmed to be from their purported source, and any message that cannot be verified should be placed in quarantine, stopping the attack before it even begins."