amuck-landowner

$46.7 Million Stolen From Networking Firm Ubiquiti in Unidentified Hack

MannDude

Just a dude
vpsBoard Founder
Moderator
The full story can be read here: http://www.hakspek.com/security/46-7-million-stolen-from-networking-firm-ubiquiti-in-unidentified-hack/

It appears their finance department was specifically targetted and that staff fell victim to phishing attacks in which they gave up account information that allowed the attackers access to transfer millions of dollars to multiple overseas bank accounts.

Embarrassingly, the fake emails had convinced ignorant employees into turning over their usernames, passwords and account numbers. This allowed the attackers to be able to transfer funds ($46.7 million to be exact) out of a Ubiquiti subsidiary in Hong Kong in to multiple overseas accounts that the hacker was in possession of.
Ubiquity was able to recover some of it's money, but only a small fraction. This was a massive attack.

It was able to recover approximately $8.1 million of the money that the hacker stole, and Ubiquiti strongly believes it will be able to get back at least an additional $6.8 million more. The company is working with US and overseas law enforcement agencies to retrieve the remaining $31.8 million still missing.
It's bizarre to think so much could be stolen and so little recovered. I'm curious now to know what the largest attacks like this have been and what was recovered from them. $46,700,000 is no chump change...

Read more at the URL above.
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
wooooooooooooooooooooow

Hi Hxxx, this is Jason from corporate. We're doing an audit of all finance staff's security credentials to ensure they're up to par with our security guidelines. I'm about to head out to lunch but I'm going to need your username and password that you use to overlook the finance records. I'm swamped with emails now from other staffers responding to this so if I do not respond please take it as a sign that everything is okay. If any changes need to be made I'll respond to you and let you know promptly as well as to what updates must be made.

Thanks for your cooperation!

-Jason Alexander
Head of Corporate Password Security
 

DomainBop

Dormant VPSB Pathogen
Ubiquity was able to recover some of it's money, but only a small fraction. This was a massive attack.

Ubiquiti (large publicly traded maker of networking equipment) not Ubiquity (webhosting company, Nobis Tech, blocked in all my firewalls for years)

-----

This hack was originally disclosed in their quarterly filing with the SEC. https://www.sec.gov/Archives/edgar/data/1511737/000157104915006288/t1501817_8k.htm

From their SEC filing:

Quote said:
Item 8.01             Other Events.

Business Fraud

On June 5, 2015, the Company determined that it had been the victim of a criminal fraud. The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties. As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred. Furthermore, an additional $6.8 million of the amounts transferred are currently subject to legal injunction and reasonably expected to be recovered by the Company in due course. The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with U.S. federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation. The Company may be limited in what information it can disclose due to the ongoing investigation. The ultimate amount of the loss will depend, in part, on the Company’s success in recovering the funds. The Company may not be successful in obtaining any insurance coverage for this loss. The Company currently believes this is an isolated event and does not believe its technology systems have been compromised or that Company data has been exposed. While this matter will result in some additional near-term expenses, the Company does not expect this incident to have a material impact on its business or its ability to fund the anticipated working capital, capital expenditures and other liquidity requirements of its ongoing operations.

The Audit Committee of the Company’s Board of Directors has conducted an independent investigation into this matter with the assistance of outside advisors. The investigation concluded on July 17, 2015. The investigation uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed. The investigation found no evidence of employee criminal involvement in the fraud. As a result of this investigation, the Company, its Audit Committee and advisors have concluded that the Company’s internal control over financial reporting is ineffective due to one or more material weaknesses. The Company has implemented enhanced internal controls over financial reporting since June 5, 2015 and is in the process of implementing additional procedures and controls pursuant to recommendations from the investigation.  
Krebs had an article on this a few days ago: http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Sounds like Mikrotik got mad about the competition / study results that showed Ubiquiti crushed them in performance.
 
Last edited by a moderator:

IntroVex-Kamran

New Member
Verified Provider
I have to say that's one amazingly successful hack. I wouldn't expect employees to have fallen victim to phishing attempts, but I stand corrected.

Good luck to Ubiquiti in regaining their "lost" funds.
 

RA4W

New Member
Verified Provider

eva2000

Active Member
hmmm.. i think if they did what my bank does with any money transfers needing a SMS txt verification code - might have been more protected ?
 
Top
amuck-landowner