Fraudsters Steal $46.7m From Ubiquiti Networks

Internet Crime Complaint Centre (IC3)  warn  the invoice scam, known as the BEC scam (business email compromise), conned companies out of $214m in 2013 alone.

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million.

According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, they discovered that they have became a victim of a criminal fraud on June 5, 2015.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says.

Ubiquiti has been trying to recover the stolen money, and has so far managed to regain possession of $8.1 million, and believes it likely that they will recoup another $6.8 million. 

"The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with US federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation," they added.

The investigation by the Audit Committee of the company’s Board of Directors uncovered no evidence that the company's systems were breached or that corporate information was accessed. There's also no evidence that points to an employee being involved in the heist. 

While the company attempts to recover the stolen funds, they have also implemented "enhanced internal controls over financial reporting", and additional procedures and controls in order to prevent such a thing happening to them again. Naturally, they didn't publicly share what those procedures and controls are.

Brian Krebs thinks it likely that Ubiquity fell prey to the so-called Business E-mail Compromise (BEC) scam - a type of scam that FBI's Internet Crime Complaint Center (IC3) warned about earlier this year and that netted scammers nearly $215 million in 14 months.

The BEC scam can take several forms, but the result is the same: stolen funds.

Business can take steps to avoid becoming victims. First and foremost, they should start using 2-step verification for confirm significant transactions, but choose different environments for each step (e.g. one confirmation can be done via email, and the other via a phone call).

Other things that could help are not sharing company/employee data (such as job description) on the company's website, and being extra careful when there are sudden changes in business practices (e.g. a business contact switching from the company email to a personal one).

Net-Security

 

« When Your White Hat Is Really a Black Hat
Ad Block Software 'Costs Firms £14bn A Year' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Bittium

Bittium

Bittium provides proven information security solutions for mobile devices and portable computers.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Digittrade

Digittrade

Digittrade develop and produce external encrypted hard disks and secure communications apps.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

Evolve Business Group

Evolve Business Group

Evolve is an independently-owned managed network solutions provider, creating bespoke packages for customers globally since 2005.