National Cyber Warfare Foundation (NCWF) Forums


There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of $10m in cyber-attack


2023-08-20 15:53:14
milo
Red Team (CNA)




The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.






Credits: The Register


The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advanced data breach.”


Norfund – the world’s largest sovereign wealth fund, created from saved North Sea Oil revenues and currently worth over $1tn – said a hacker was able to manipulate the organization into routing a loan intended for a Cambodian microfinance organization into an account controlled by the crooks. As a result, in March, 100m Kroner was lost.


The investment fund says the money appears to have been diverted from the organization in Cambodia to Mexico. Local and international police have been brought in to investigate the matter.


Details of the cyber-attack are scant. It may be a bog-standard business email compromise attack, in which a miscreant hijacks an email account to impersonate an employee or official to redirect cash meant for the Cambodian company to another bank account. Alternatively, it could have been something more intrusive.


“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language,” Norfund said on Wednesday of the heist. “Documents and payment details were falsified.”


Again, this may be a generous way of saying someone got tricked into sending money into the wrong account with some forged invoices, or bogus emails, and poor invoice control.


Despite Norfund being worth over $1tn, the Norwegians aren’t going to let this one slide. CEO Tellef Thorleifsson is promising swift action to prevent the organization from getting conned again – they are going to go viking on this one.


“This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable,” he said.


“The fact that this has happened shows that our systems and routines are not good enough. We have [to] take immediate and serious action to correct this.”


In addition to getting the cops involved, Norfund said it is working with the Norwegian Ministry of Foreign Affairs and its bank, DNB, to track down the thief and get the money back. PwC is also being called in to do an evaluation of the IT security setup at the fund.


“Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities,” the investment firm said.


As embarrassing as it is to fall victim to this sort of scam, Norfund is hardly alone. Business email compromise, if that is at the heart of this affair, is a multi-billion-dollar industry and only getting worse.


The scam is simple, but deadly efficient. The con artist spear-phishes a specific person at the organization and then tricks other people there into sending payments to a new account rather than the intended company or organization. Because the payments are otherwise legitimate and authorized, the victims usually don’t catch on until it’s too late.


For example, last year a city government in Colorado got tricked into handing a scammer $1m for what it thought were construction costs, and a school district in Texas was duped into handing miscreants $2.3m through multiple fraudulent transactions.






Source: ExtremeHacking
Source Link: http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

