Hackers Steal $50 Million From Leading Aviation Design Company

The aviation industry is a privileged target for hackers who are interested in the intellectual property of many companies in the sector. A cyber security incident could have serious effects on the business continuity of any company and a significant financial impact.

FACC AG, a leading Austrian engineering company that designs parts for Airbus and Boeing has suffered just such an event.

Hackers who targeted the FACC managed to steal roughly 50 million euros as confirmed in the official statement issued by the company on January 19th:

“Today, it became evident that FACC AG has become a victim of a crime act using communication- an information technologies. The management board has immediately involved the Austrian Criminal Investigation Department and engaged a forensic investigation. The correct amount of damage is under review. The damage can amount to roughly EUR 50 million. The cyberattack activities were executed from outside of the company.”

A subsequent update, issued by FACC AG, offered more details of the cyber attack and confirmed the losses of more than 50 million euros. The experts at the company confirmed that the cyber attack was launched from outside and involved communication and information technologies.

According to the company, the operational business was not affected by the cyber attack.

“2016 FACC AG announced that it became a victim of fraudulent activities involving communication- an information technologies. To the current state of the forensic and criminal investigations, the financial accounting department of FACC Operations GmbH was the target of cyber fraud,” states the FACC.

“FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. The damage is an outflow of approx. EUR 50 million of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims.”

According to the experts and analyzing the official statement published by the company, threat actors conducted a Business Email Compromise (BEC) scam against the internal personnel.

Exactly one year ago IC3 and FBI warned about a significant increase of cases related to Business Email Compromise, nearly 2,000 individuals were victims of a wire payment scam.

The Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-E-mail Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam.” reports the statement.

The fraud scheme is very simple, busy employees received a request to transfer funds by representatives of high management of their company.

It is clear that businesses and personnel using open source e-mail are most targeted by Business Email Compromise, in many cases the criminals spoofed e-mails of individuals within enterprises who are entitled to submit such payment requests.

Individuals responsible for handling wire transfers within a specific company are privileged targets of criminals, which compose well-worded e-mail requests for a wire transfer.

The attacker behind Business Email Compromise scams shows a deep knowledge of their victims and their requests are proportional to the economic capabilities of the target, and of the specific individual used as the sender of the request. The criminals sent e-mails concurrently with business travel dates for executives whose e-mails were spoofed.

Security Affairs

 

« Will Robots Save The Future Of Work?
Experts Say Australia Is Ill-equipped For Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Juniper Networks

Juniper Networks

Juniper Networks is the industry leader in network innovation. We provide network infrastructure and network security solutions.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Openminded (OPMD)

Openminded (OPMD)

Openminded is a French security and network services company.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.