Fraudsters Steal $46.7m From Ubiquiti Networks

Uploaded on 2015-08-21 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Internet Crime Complaint Centre (IC3)  warn  the invoice scam, known as the BEC scam (business email compromise), conned companies out of $214m in 2013 alone.

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million.

According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, they discovered that they have became a victim of a criminal fraud on June 5, 2015.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says.

Ubiquiti has been trying to recover the stolen money, and has so far managed to regain possession of $8.1 million, and believes it likely that they will recoup another $6.8 million. 

"The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with US federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation," they added.

The investigation by the Audit Committee of the company’s Board of Directors uncovered no evidence that the company's systems were breached or that corporate information was accessed. There's also no evidence that points to an employee being involved in the heist. 

While the company attempts to recover the stolen funds, they have also implemented "enhanced internal controls over financial reporting", and additional procedures and controls in order to prevent such a thing happening to them again. Naturally, they didn't publicly share what those procedures and controls are.

Brian Krebs thinks it likely that Ubiquity fell prey to the so-called Business E-mail Compromise (BEC) scam - a type of scam that FBI's Internet Crime Complaint Center (IC3) warned about earlier this year and that netted scammers nearly $215 million in 14 months.

The BEC scam can take several forms, but the result is the same: stolen funds.

Business can take steps to avoid becoming victims. First and foremost, they should start using 2-step verification for confirm significant transactions, but choose different environments for each step (e.g. one confirmation can be done via email, and the other via a phone call).

Other things that could help are not sharing company/employee data (such as job description) on the company's website, and being extra careful when there are sudden changes in business practices (e.g. a business contact switching from the company email to a personal one).

Net-Security

 

« When Your White Hat Is Really a Black Hat
Ad Block Software 'Costs Firms £14bn A Year' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.