Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Cybercriminals Steal $54 Million from Aircraft Parts Maker

Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.

FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.

Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.

FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.

The company has reported losing roughly €50 million ($54 million) as a result of criminal activity involving information technology and communications systems. FACC has only shared few details about the incident, but the aircraft parts maker believes the attackers are from outside the company.

Mimecast

The Austrian Criminal Investigation Department has been notified and criminal and forensic investigations have been launched.

The attackers reportedly targeted only FACC’s accounting department — the company said its IT infrastructure and business operations have not been impacted, and there is no evidence that data or intellectual property have been stolen.

“The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims,” FACC stated. “All production- and engineering units operate in an unaffected and normal way. An economic threat to the company concerning liquidity does not exist. The management board will decide on further actions after the outcome of the forensic investigations is available.”

Last year, low-cost airline Ryanair lost $5 million as a result of a fraudulent electronic transfer. In Ryanair’s case, the attackers transferred the money to an account in China, but the company worked with banks and authorities and managed to recover it.

Companies large and small are often targeted by financially motivated cybercriminals. In some cases, the attackers use malware to steal money from the target’s bank accounts. However, some fraudsters rely mostly on social engineering and trick their victims into sending the money themselves.

Advertisement. Scroll to continue reading.

Security blogger Brian Krebs recently presented a case where the accounting director of a Texas manufacturing firm was tricked into sending $480,000 to an account at a Chinese bank. The attackers sent the director a series of emails apparently coming from the company’s CEO, instructing him to send the money to an account they controlled. The victim only became suspicious after the cybercrooks sent instructions for a second payment of $18 million.

These types of scams, known as business email compromise (BEC) scams, have helped cybercrooks make a lot of money. The FBI reported in August 2015 that such incidents had been reported in 79 countries across the world.

Between October 2013 and August 2015, more than 7,000 victims had been recorded in the United States, with losses totaling nearly $750 million. Data from international law enforcement agencies showed that BEC scams resulted in losses of more than 1.2 billion.

Update: FACC Fires CEO After $56-million Cyber Scam

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Cybercrime

Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...