Orion S.A., a global supplier of carbon black (a solid form of carbon), has revealed it fell victim to a sophisticated scam and ended up transferring $60 million to accounts belonging to the scammers.
The company confirmed the fiasco in a 8-K form filed with the US Securities and Exchange Commission (SEC) on August 10.
In the document, the company said an employee (not a member of the C-suite) was targeted by criminals: “On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”
Insurance coverage
Orion did not share other details about the attack, but given these were multiple wire transfers, initiated by an employee, it’s safe to assume that this was a Business Email Compromise (BEC) attack.
With BEC attacks, a threat actor would either gain access to an email account belonging to an executive, or typosquat and impersonate one using identity theft.
After that, they would reach out to an employee that has access to company funds, and try to trick them into making a payment. Sometimes, they would claim that the company is buying a competitor and that the entire process needs to be done quickly and quietly, not to draw the attention of the media, or other companies, as that might compromise the deal. In some cases, the crooks would even call the victims on the phone to persuade them into moving faster with the transfer.
BEC attacks work exceptionally well, especially in large organizations where many employees never meet their C-suite executives, don’t know how they talk, or behave. In fact, some reports state that BEC is one of the most devastating forms of cybercrime, right next to ransomware.
Orion said it investigated the matter thoroughly and did not find any other fraudulent activity, or anyone stealing sensitive company data. It did stress that law enforcement was notified, and that it will pursue recovery of the funds, “including potentially available insurance coverage.”
Via TechCrunch