Fraudsters Steal $46.7m From Ubiquiti Networks

The Internet Crime Complaint Centre (IC3) warns that the invoice scam, known as the BEC (business email compromise) scam, conned companies out of $214m in 2013 alone.

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million.

According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, it discovered that it had become a victim of a criminal fraud on June 5, 2015.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says.

Ubiquiti has been trying to recover the stolen money, and has so far managed to regain possession of $8.1 million, and believes it likely that they will recoup another $6.8 million. 

"The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with US federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation," they added.

The investigation by the Audit Committee of the company’s Board of Directors uncovered no evidence that the company's systems were breached or that corporate information was accessed. There's also no evidence that points to an employee being involved in the heist. 

While the company attempts to recover the stolen funds, they have also implemented "enhanced internal controls over financial reporting", and additional procedures and controls in order to prevent such a thing happening to them again. Naturally, they didn't publicly share what those procedures and controls are.

Brian Krebs thinks it likely that Ubiquiti fell prey to the so-called Business E-mail Compromise (BEC) scam - a type of scam that the FBI's Internet Crime Complaint Center (IC3) warned about earlier this year and that netted scammers nearly $215 million in 14 months.

The BEC scam can take several forms, but the result is the same: stolen funds.

Businesses can take steps to avoid becoming victims. First and foremost, they should start using 2-step verification to confirm significant transactions, and use a different channel for each step (e.g. one confirmation can be done via email, and the other via a phone call).

Other things that could help are not sharing company/employee data (such as job description) on the company's website, and being extra careful when there are sudden changes in business practices (e.g. a business contact switching from the company email to a personal one).
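
The two checks described above (confirmation over two different channels, and a known contact suddenly writing from a different address) can be combined into a simple release gate for transfer requests. This is an added illustration, not part of the original article; the contact directory, the `threshold` amount, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory (assumption): contact display name -> the company
# domain that contact has always written from.
KNOWN_CONTACTS = {"jane doe": "supplier.example"}


def sender_switched_domain(raw_message, known=KNOWN_CONTACTS):
    """True if a known contact writes from a domain other than the usual one."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    expected = known.get(name.strip().lower())
    domain = addr.rpartition("@")[2].lower()
    return expected is not None and domain != expected


def may_release(amount, confirmations, raw_message, threshold=10_000):
    """Decide whether a transfer request may proceed.

    confirmations: set of channels on which the request was confirmed,
    for example {"email", "phone"}. threshold is a hypothetical cut-off
    for what counts as a significant transaction.
    Returns (allowed, reasons_for_hold).
    """
    reasons = []
    if amount >= threshold and len(set(confirmations)) < 2:
        reasons.append("needs confirmation on two different channels")
    if sender_switched_domain(raw_message):
        reasons.append("known contact is using an unfamiliar email domain")
    return (not reasons, reasons)


# Constructed sample messages (not real traffic).
USUAL = ("From: Jane Doe <jane.doe@supplier.example>\n"
         "Subject: Invoice 1\n\nPlease pay.")
SWITCHED = ("From: Jane Doe <jane.doe.office@freemail.example>\n"
            "Subject: New bank details\n\nUrgent.")

if __name__ == "__main__":
    for label, conf, raw in [("email only", {"email"}, USUAL),
                             ("email + phone", {"email", "phone"}, USUAL),
                             ("switched sender", {"email", "phone"}, SWITCHED)]:
        print(label, may_release(50_000, conf, raw))
```

A request held for the second reason should be confirmed using contact details already on file, not those supplied in the message itself.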

Net-Security

 
