Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Cybercriminals Steal $54 Million from Aircraft Parts Maker

Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.

FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.

Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.

FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.

The company has reported losing roughly €50 million ($54 million) as a result of criminal activity involving information technology and communications systems. FACC has only shared few details about the incident, but the aircraft parts maker believes the attackers are from outside the company.

Mimecast

The Austrian Criminal Investigation Department has been notified and criminal and forensic investigations have been launched.

The attackers reportedly targeted only FACC’s accounting department — the company said its IT infrastructure and business operations have not been impacted, and there is no evidence that data or intellectual property have been stolen.

“The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims,” FACC stated. “All production- and engineering units operate in an unaffected and normal way. An economic threat to the company concerning liquidity does not exist. The management board will decide on further actions after the outcome of the forensic investigations is available.”

Last year, low-cost airline Ryanair lost $5 million as a result of a fraudulent electronic transfer. In Ryanair’s case, the attackers transferred the money to an account in China, but the company worked with banks and authorities and managed to recover it.

Companies large and small are often targeted by financially motivated cybercriminals. In some cases, the attackers use malware to steal money from the target’s bank accounts. However, some fraudsters rely mostly on social engineering and trick their victims into sending the money themselves.

Security blogger Brian Krebs recently presented a case where the accounting director of a Texas manufacturing firm was tricked into sending $480,000 to an account at a Chinese bank. The attackers sent the director a series of emails apparently coming from the company’s CEO, instructing him to send the money to an account they controlled. The victim only became suspicious after the cybercrooks sent instructions for a second payment of $18 million.

These types of scams, known as business email compromise (BEC) scams, have helped cybercrooks make a lot of money. The FBI reported in August 2015 that such incidents had been reported in 79 countries across the world.

Between October 2013 and August 2015, more than 7,000 victims had been recorded in the United States, with losses totaling nearly $750 million. Data from international law enforcement agencies showed that BEC scams resulted in losses of more than 1.2 billion.

Update: FACC Fires CEO After $56-million Cyber Scam

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

CISO Strategy

The question for 2023 and beyond is whether the cyberinsurance industry can make a profit without destroying its market.

Cybercrime

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million.