Spearphishing Attack by Cybercriminals Yields $99m USD

In a  lawsuit filed on April 14, 2016 by U.S. Attorney for the Southern District of New York Preet Bharra gives an insider's view on how frighteningly easy it is for a company to be duped out of a huge sum of money. In this case almost $100 million. The civil forfeiture lawsuit was filed in federal court in New York City and is being brought on behalf of an unidentified American company that was suckered out of $98.9 million over a four-week period late last summer. Luckily, the majority of the money has already been recovered and this suit is specifically going after the remaining $25 million that is being held in at least 20 overseas banks, according to court documents. “This is more than twice as large as any reported loss that we have seen,” Ryan Kalember, senior vice president of Cybersecurity Strategy, told SCMagazine.com in an email Friday. What this case perfectly illustrates is the step-by-step process a criminal can take implementing such a scam and all of the warnings that were ignored by the victim. Considering the massive pile of money involved, the scheme itself was extremely simple and used by cybercriminals every day, albeit to normally steal smaller amounts of plain old data. It was a classic spearphishing attack. How large of a threat to US government and commercial security are spearphishing attacks? Send us your comments here at the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/