A $54m cyber fraud against Austria’s FACC has sent the aircraft supplier’s share price reeling.
The company’s share price fell nearly 17% in response to news of the company’s loss, which is one of the greatest losses to date caused by cyber fraud, according to Bloomberg.
“In light of the cyber fraud of which FACC AG has been the victim – occurred after the reporting period – at the current status of investigations, a valid outlook for the consolidated results is not possible,” said chief executive Walter Stephan in the foreword to the company’s latest quarterly results report.
The loss reported by the supplier to companies such as Boeing and Airbus is way above the average cost of the worst breaches in the UK of between $1.9m and $4.4m, reported by PricewaterhouseCoopers (PWC) in 2015.
The cost of the TalkTalk data breach – one of the worst seen in the UK in 2015 – was expected to reach £35m, which is just under $50m.
News of the FACC cyber fraud comes just a week after the World Economic Forum (WEF) published a report warning that most countries are underestimating the potential effect of cyber attacks on businesses and their economies.
Businesses of all sizes have been affected by complex cyber attacks, and have suffered economic, legal and reputational damage, the WEF’s Global Risks Report 2016 revealed.
Cost of breach
FACC said in an initial statement that the damage of an external cyber attack was expected to amount to around €50m ($54m), but gave no indication of how this figure had been calculated.
In a subsequent statement, the company said the €50m loss was in “liquid funds” due to fraud.
The overall cost of the breach could therefore be much higher, taking into account the cost of remediation and recover, share price losses, reputational damage and lost business.
Although potentially a prime target for intellectual property (IP) theft and customer data theft, FACC said that its IT infrastructure, IP data and business operations had not been affected by the attack.
“The management board has taken immediate structural measures and is evaluating damages and insurance claims,” the company said.
The company also assured investors that there was no “economic threat to the company concerning liquidity.”
FACC said in its third quarter results report that the financial accounting department of FACC Operations was the target of the cyber fraud, sparking speculation that company was probably the target of a whaling attack, also known as business email compromise (BEC) and CEO fraud.
Whaling attacks refer to cyber fraud cases where attackers impersonate top-level executives and use social engineering techniques to get accountants to approve funds transfers to criminal-held accounts.
However, if this is the case, FACC may find itself in the same position as manufacturing firm AFGlobal in the US, which is struggling to get its insurance company to pay out for losses incurred by a whaling attack.
Cyber criminals posing as AFGlobal’s chief executive CEO persuaded the company’s accountant to transfer $480,000 to a bank in China. The company’s insurer is refusing to pay because the scam did not involve the “forgery of a financial instrument” as required by the company’s cyber insurance policy, reports security author Brian Krebs.
According to the FBI, thieves stole nearly $750m in CEO fraud scams from more than 7,000 victim companies in the US between October 2013 and August 2015, he wrote in a blog post.
Social engineering attacks increase
Official UK police figures show that fraud linked to social engineering attacks increased by 21% in the 12 months up to October 2015.
According to the government-backed GetSafeOnline campaign, cyber criminals have become increasingly sophisticated in their attacks
Tony Neate, chief executive of GetSafeOnline, said social engineering is becoming ever more targeted and personal.
“What is worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic,” he said.
“If we get an email purporting to come from someone we trust, such as our bank, about something that is emotive to us all – such as money – and then demand that we act urgently, it’s almost like the perfect storm.”