In the course of a hacker attack on its communications systems, the US mining company NioCorp fell victim to a Business Email Compromise (BEC).
NioCorp, a company specializing in the extraction of minerals, had to admit to a serious cyber security incident in a mandatory notification to the US Securities and Exchange Commission (SEC). As was announced on Wednesday, security managers discovered signs of an intrusion into the company’s IT systems on February 14, which particularly affected the email infrastructure.
As far as is known so far, the attackers managed to send legitimate-looking messages through the compromised email accounts to convince the recipient to redirect payments to or from a supplier to a bank account under the attackers' control. This scam, known as Business Email Compromise, diverted around 500,000 US dollars in payments to the cybercriminals’ accounts.
According to NioCorp, it immediately called in the relevant law enforcement authorities and financial institutions in an effort to recover the embezzled funds. The forensic investigation into the incident has not yet been completed.
“At this time, we are unable to make a final assessment of the financial impact,” the SEC announcement states. It is also still unclear whether and to what extent the misdirected payments can be recovered.
Cases in Germany as well
The current case is one in a long list of similar incidents. Cases of business email compromise are also on the rise in Germany. Just recently, a trading company in Mecklenburg-Western Pomerania was the victim of such an attack. The perpetrators deliberately waited until the company sent regular invoices before sending manipulated versions with fake bank details. It was only thanks to the suspicions of an attentive business partner that worse was prevented. Nevertheless, the damage amounted to several tens of thousands of euros.
A case from Iserlohn was even more serious: there, the perpetrators were able to steal a six-figure sum through a man-in-the-middle attack. The cyber criminals infiltrated the email traffic between two companies and took over the entire business communication. The perpetrators also deliberately changed contact details in the invoices to make follow-up queries more difficult.