Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.
FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.
The company has reported losing roughly €50 million ($54 million) as a result of criminal activity involving information technology and communications systems. FACC has only shared few details about the incident, but the aircraft parts maker believes the attackers are from outside the company.
The Austrian Criminal Investigation Department has been notified and criminal and forensic investigations have been launched.
The attackers reportedly targeted only FACC’s accounting department — the company said its IT infrastructure and business operations have not been impacted, and there is no evidence that data or intellectual property have been stolen.
“The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims,” FACC stated. “All production- and engineering units operate in an unaffected and normal way. An economic threat to the company concerning liquidity does not exist. The management board will decide on further actions after the outcome of the forensic investigations is available.”
Last year, low-cost airline Ryanair lost $5 million as a result of a fraudulent electronic transfer. In Ryanair’s case, the attackers transferred the money to an account in China, but the company worked with banks and authorities and managed to recover it.
Companies large and small are often targeted by financially motivated cybercriminals. In some cases, the attackers use malware to steal money from the target’s bank accounts. However, some fraudsters rely mostly on social engineering and trick their victims into sending the money themselves.
Security blogger Brian Krebs recently presented a case where the accounting director of a Texas manufacturing firm was tricked into sending $480,000 to an account at a Chinese bank. The attackers sent the director a series of emails apparently coming from the company’s CEO, instructing him to send the money to an account they controlled. The victim only became suspicious after the cybercrooks sent instructions for a second payment of $18 million.
These types of scams, known as business email compromise (BEC) scams, have helped cybercrooks make a lot of money. The FBI reported in August 2015 that such incidents had been reported in 79 countries across the world.
Between October 2013 and August 2015, more than 7,000 victims had been recorded in the United States, with losses totaling nearly $750 million. Data from international law enforcement agencies showed that BEC scams resulted in losses of more than 1.2 billion.
