Free Newsletters for the Channel
Register for Your Free Newsletter Now
Ferrari says it has no plans to pay the ransom demand.
March 23, 2023
A recent vendor email compromise (VEC) attack tried to steal $36 million from a commercial real estate business.
Meanwhile, luxury car manufacturer Ferrari is investigating a cyberattack after a subsidiary received a ransom demand for customer contact information. And produce giant Dole has confirmed a ransomware attack involving unauthorized access to employee information.
It’s all in a day’s work for cybercriminals.
Abnormal Security observed the VEC attack seeking $36 million from the target. The enterprise was cc’d on an email containing an invoice for $36 million. The sender’s domain name, however, ended in .cam instead of .com. The full domain name looked like trusteddomain.cam. It’s almost impossible to notice for anyone but the most perceptive employee. The email included information about a payoff letter, and directed the reader to view the attached letter and payment instructions.
The threat actor impersonated the senior vice president and general counsel from a trusted partner company with whom the enterprise has a long-term relationship. The attacker sent an invoice and wiring instructions with fraudulent payment details in an attempt to redirect a $36 million loan payment to themselves.
To further bolster their credibility, the attacker cc’d a second well-known real estate investment company on the email, again using a newly created domain that ended in .cam.
There was little reason for the enterprise to be immediately concerned about the validity of the wire transfer request. That’s because the enterprise involved in this attack works in commercial real estate where they often facilitate large-sum loans. In addition, the invoice appeared to be legitimate with legitimate recipients.
Mike Britton is Abnormal Security‘s CISO.
Abnormal Security’s Mike Britton
“VEC, the most dangerous type of business email compromise (BEC), is a uniquely dangerous cybersecurity threat that is continuing to grow in both frequency and severity,” he said. “In fact, two-thirds of all organizations are targeted by email attacks that use a compromised or impersonated third-party account each quarter. Unlike traditional BEC that impersonates an executive, a VEC attack occurs when a threat actor either gains control of a vendor email account or impersonates a trusted vendor in an attempt to execute an invoice scam or other financial fraud.”
These attacks are highly successful, Britton said. That’s because they exploit the trust and existing relationships between vendors and customers through personalization and social engineering.
Scroll through our slideshow above for more on these cyberattacks.
You May Also Like
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024
CrowdStrike, SonicWall Cyber Threat Reports Highlight Attacks, Popular TacticsFeb 21, 2024
Zscaler, Juniper, Cato Launch New B2B Tech ServicesFeb 21, 2024
Meet Channel Futures' 50 Channel Influencers for 2024Feb 20, 2024