Brian Jackson - Fotolia

$54m cyber fraud hits aircraft supplier share price

Austrian aircraft industry supplier reports cyber fraud loss of $54m, way above the average cost of the worst breaches in the UK of up to $4.4m in 2015

A $54m cyber fraud against Austria’s FACC has sent the aircraft supplier’s share price reeling.

The company’s share price fell nearly 17% in response to news of the company’s loss, which is one of the greatest losses to date caused by cyber fraud, according to Bloomberg.

“In light of the cyber fraud of which FACC AG has been the victim – occurred after the reporting period – at the current status of investigations, a valid outlook for the consolidated results is not possible,” said chief executive Walter Stephan in the foreword to the company’s latest quarterly results report.

The loss reported by the supplier to companies such as Boeing and Airbus is way above the average cost of the worst breaches in the UK of between $1.9m and $4.4m, reported by PricewaterhouseCoopers (PWC) in 2015.

The cost of the TalkTalk data breach – one of the worst seen in the UK in 2015 – was expected to reach £35m, which is just under $50m.

News of the FACC cyber fraud comes just a week after the World Economic Forum (WEF) published a report warning that most countries are underestimating the potential effect of cyber attacks on businesses and their economies.

Businesses of all sizes have been affected by complex cyber attacks, and have suffered economic, legal and reputational damage, the WEF’s Global Risks Report 2016 revealed.

Cost of breach

FACC said in an initial statement that the damage of an external cyber attack was expected to amount to around €50m ($54m), but gave no indication of how this figure had been calculated.

In a subsequent statement, the company said the €50m loss was in “liquid funds” due to fraud.

The overall cost of the breach could therefore be much higher, taking into account the cost of remediation and recover, share price losses, reputational damage and lost business.

Although potentially a prime target for intellectual property (IP) theft and customer data theft, FACC said that its IT infrastructure, IP data and business operations had not been affected by the attack.  

“The management board has taken immediate structural measures and is evaluating damages and insurance claims,” the company said.

The company also assured investors that there was no “economic threat to the company concerning liquidity.”

Whaling attacks

FACC said in its third quarter results report that the financial accounting department of FACC Operations was the target of the cyber fraud, sparking speculation that company was probably the target of a whaling attack, also known as business email compromise (BEC) and CEO fraud.

Whaling attacks refer to cyber fraud cases where attackers impersonate top-level executives and use social engineering techniques to get accountants to approve funds transfers to criminal-held accounts.

However, if this is the case, FACC may find itself in the same position as manufacturing firm AFGlobal in the US, which is struggling to get its insurance company to pay out for losses incurred by a whaling attack.

Cyber criminals posing as AFGlobal’s chief executive CEO persuaded the company’s accountant to transfer $480,000 to a bank in China. The company’s insurer is refusing to pay because the scam did not involve the “forgery of a financial instrument” as required by the company’s cyber insurance policy, reports security author Brian Krebs.

According to the FBI, thieves stole nearly $750m in CEO fraud scams from more than 7,000 victim companies in the US between October 2013 and August 2015, he wrote in a blog post.

Social engineering attacks increase

Official UK police figures show that fraud linked to social engineering attacks increased by 21% in the 12 months up to October 2015.

According to the government-backed GetSafeOnline campaign, cyber criminals have become increasingly sophisticated in their attacks

Tony Neate, chief executive of GetSafeOnline, said social engineering is becoming ever more targeted and personal.

“What is worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic,” he said.

“If we get an email purporting to come from someone we trust, such as our bank, about something that is emotive to us all – such as money – and then demand that we act urgently, it’s almost like the perfect storm.”

Read more about whaling

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

<BrokenRecord> <Loud> When will the industry finally figure out that it's far more cost effective to solve the problem than to sweep up all the stray bits afterwards. We're supposed to be the smart people here. Those hackers are just common thieves. Clever ones, I'll admit, but thieves nonetheless. How long will we continue to be at their mercy? It's time to dig in and do the dirty work before there's little left to salvage. 
Cancel
Oops, too soon. </BrokenRecord> </Loud> My timing's always off when I try to tell a joke. Except <BrokenRecord> this is no joke. Seriously. </BrokenRecord> 
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close