Cyberattackers Go Global To Steal Company Cash

With cyberattacks skyrocketing amid the pandemic, new data is rolling out to paint a picture of just how damaging the ramped-up thievery has become. In this week’s B2B Data Digest, PYMNTS looks at some of those numbers, finding cybercriminals both within and outside of the enterprise don’t discriminate across borders as attacks hit companies in New Zealand, the U.K. and elsewhere.

10 Ethereum, worth about $4,000, is sought by hackers that targeted Paytm Mall, according to Financial Express reports. The eCommerce company is reportedly paying the ransom, the hackers claim, though it is unclear exactly how the cyberattack group was able to gain access to the company’s data.

949 gigabytes of confidential data have been accessed by ransomware attackers targeting IT distributor Ma Labs, reports in CRN said, an attack that has stalled the company’s operations and left its customers in limbo. Ma Labs reportedly fell victim to a targeted attack by the operators of REvil ransomware, and the attackers now reportedly have data linked to Ma Labs’ developers, employees and clients, including bank information and email addresses. According to one corporate customer of Ma Labs, the company hasn’t properly communicated the matter but has stopped sending invoices.

$80,000 is now the average amount phishers demand from their business email compromise targets, according to new research from the Anti-Phishing Working Group (APWG) in its second-quarter 2020 Phishing Activity Trends Report. Yet, as researchers pointed out, the amount of funds sought vary significantly from one attack to the other, with one particular BEC-attack group seeking an average of $1.27 million per targeted attack. The average sought in a BEC scam is up from $54,000 in the first quarter of the year.

$1 million was stolen from the City of Industry via invoice fraud, claims officials in the California city. According to PE.com reports, the city is accusing one developer of a now-defunct solar project, San Gabriel Valley Water and Power, of allegedly altering invoices from subcontractors to secure excess funds from the government via reimbursements. In some cases, reports claim, billings from subcontractors were double what the subcontractor says it actually billed the developer. Officials from the Los Angeles District Attorney’s Office have raided homes and offices of San Gabriel Valley Water and Power, reports noted.

$1.34 million was siphoned from one New Zealand business in a scam linked to invoice fraud. According to Stuff.co.nz reports, an accounting assistant, who had access to the company’s online bank account, allegedly manipulated documents to make her crime appear as if payments were being made to legitimate suppliers when in truth the assistant was moving company funds to her personal account. The targeted company, Eight Mile Farms Limited, is reportedly suing the individual to recoup the funds with interest.

$600 million in financial losses from fraud last year were the result of authorized push payment (APP) fraud, according to Bottomline Technologies General Manager and Director of Payments Ed Adshead-Grant. Bottomline is now hoping to lower that U.K. statistic through the rollout of its Confirmation of Payee service for banks in the market. The solution is an overlay service, which is mandated for the U.K.’s largest banks under the Payment Systems Regulator and helps to mitigate risk that any push payments might be sent to the wrong beneficiary via Faster Payments, CHAPS and Bacs. According to Adshead-Grant, APP fraud is the fastest-growing fraud category, and confirming payees through automated software can ensure financial institutions “remain competitive in the role of trusted guardian as well as reducing the risk of fraudulent APP activity.”