Spear Phishing Attack Costs a Company Millions

The Scoular Company, located in Omaha, Nebraska fell victim to an attack that cost them millions of dollars. The Scoular Company is ranked by Forbes Magazine as the 55th largest privately-held corporation in the United States in 2014. Scoular is a 120 year old company with sales that span over $6 billion every year. Scoular’s primary focus is to provide transportation for end-users and suppliers. Transportation includes food ingredients, grains, and feed ingredients as well as their focus on buying, selling, handling, and storing these products.

This fortune company seemed to have taken all of the proper precautions when it comes to cyber-security and security as a whole for a company. Yet even by taking these precautions, earlier this week it was discovered that the company fell victim to a spear phishing attack by clever fraudsters. This attack ended up losing the company $17.2 million dollars simply by tricking a controller into wiring that amount of money to a bank in China. The attacker(s) sent emails pretending to be the CEO of the Scoular company to one of the controllers of the company, stating that they were going to be buying out a company in China. Even worse, the emails coming from the “CEO” were not even from his official email address. To prevent this employee from reaching out to others in the company and speaking up about the big transfer, the attacker said that this was not to be mentioned in other channels to avoid infringing on SEC regulations. In the controllers defense, and I say this extremely lightly, the company was discussing its expansion to China and is primarily the reason the controller fell for the emails and sent the money. The attacker clearly did his research as he instructed the controller to get the wire instructions from the companies accounting firm, KPMG, that included a phone number and was answered by someone with the correct name. The attacker clearly found a real employee’s information that worked for KPMG, but gave a fake phone number and pretended to be the employee, as when the real employee was questioned he had never heard of Scoular. The fake email address was a kpmg-office.com name which once again fooled the Scoular controller. The kpmg-office.com was actually found to be a server located in Russia and the fake phone number provided was through a skype account with an IP address registered in Israel.

This case is currently under investigation by the FBI and is said that they are working on getting search and seizure warrants against the Shangai-based Dadi Co.Ltd. company which is said to have received the funds in the end. This company is a professional import and export agency mostly dealing with auto parts. If the seizure is granted then it will be carried out and executed by Chinese authorities, with cooperation with American authorities of course.

-Liam Ellis

Source: http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html#tk.rss_news

More information: