Posted on May 19, 2020 at 10:16 AM
Hackers Stole $10 Million from Norfund via Email Compromise Fraud
Norwegian state-owned investment fund for developing countries, Norfund, recently revealed that hackers have stolen about 100 million Norwegian Krona (USD10 million) which was meant for an organization in Cambodia.
The Norwegian government established the fund to help build sustainable industries and businesses in some developing countries. Hackers infiltrated into its email system several months ago and logged into their servers.
After succeeding in the infiltration, the scammers had monitoring access to the email communication lines Norfund had with its partners.
According to the reports, the hackers were able to steal information and impersonate the account of a member of the staff authorized to make payments.
Hackers took time to plan the fraud
Based on the press release from Norfund, the hackers were able to succeed because they took their time to learn a lot about the fund and how it operates. As a result, they were able to impersonate those in charge of processing payment to the benefiting institution.
Norfund stated that the hackers falsified and manipulated information exchange between the borrowing institution and Norfund in a way that was genuine in content, language, and structure. The fund said the hackers also falsified payment details and documents and made them look genuine and very difficult to discover any foul play.
Norfund said the funds were transferred to a bank account in Mexico on March 16. The bank account is bearing the name LOLC, which is the same name as the original bank account intended for the transfer.
According to the reports by local media, the hackers deceitfully took advantage of Nordfun’s compromised email system to tell the original LOLC beneficiary that there has been a little delay in the payment because of the COVID-19 pandemic. At the same time, the hackers sent a fake email to the Norfund email system, claiming to have been sent by LOLC in Cambodia, with every email detail matching the genuine LOLC based in Cambodia.
The hack was discovered after a second hacking attempt
After the transfer was made to the hackers’ account, no fraud was discovered as Norfund believed it has transferred the fund to LOLC in Cambodia. Meanwhile, LOLC believed the transfer has been put on hold because of the pandemic, so there wasn’t any incoming mail from them.
As a result, none of the parties discovered the $10million loan had been transferred to fraudsters until when the same fraudsters attempted to steal more money using the same medium on April 30.
The fraud was expertly done
Tellef Thorleifsson, Chief Executive of Norfund, described the fraud by saying “it was wonderfully done.”
He further said he thought Norfund was fully prepared for this type of attack because of similar incidents that have occurred with other similar organizations. However, from the attack, it was clear the organization did not do enough to prepare.
He further said that the hacking incident indicates that the organization’s network and the system are vulnerable and not secure enough.
“The fraud clearly shows that we, as an international investor and development organization….are vulnerable.” He said.
As a result, Norfund has taken serious and immediate actions to beef up security and correct the lapse.
Law enforcement agencies were contacted immediately
Norfund said after the incident, it reported to law enforcement agencies for subsequent action. It has also engaged PWC professional consulting firm to investigate the situation, determine how the hack occurred, and proffer solutions to prevent similar attacks in the future.
Fraudsters involved in a series of email compromise attacks
According to a recent report, since September 2016, fraudsters have attempted to steal a whopping $9 billion from organizations and institutions via attacks on business email.
Security researchers have always made it a point of duty to brief organizations on the best security measure to take in these situations. Businesses and other organizations have been advised to educate their staff and employees. They should introduce procedures, policies, technology to secure their systems.
They should also use multi-factor authentication to reduce the risk of becoming a victim of these fraudsters, who have become more deceitful and sophisticated than ever before.