$10M stolen in cyberattack on Norway’s state investment fund
Unknown hackers have stolen $10 million from Norfund, Norway’s state investment fund in an operation that spanned several months.
The money was stolen by tricking an employee to send the money to an account controlled by the hackers, but the more impressive part is the patience those behind the attack took in getting to that point.
The scammers originally hacked into the fund via its email network and patiently monitored accounts and identified employees who were authorized to make payments.
The fund makes global investments and in this case was lending $10 million to a microfinance institution in Cambodia when the hackers became involved.
“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language,” Norfund said in a statement May 13. “Documents and payment details were falsified.”
The payment ended up going to an account in Mexico. The theft took place on March 16 but was not detected until April 30 when the same hackers came back for a second attempt. To obfuscate the theft, the hackers had told the Cambodian company that the transfer had been delayed because of the COVID-19 pandemic, meaning that no alarm was raised when the funds were not received.
“This is an extremely well-thought-out and -executed plan,” Javvad Malik, security awareness advocate at security awareness training form KnowBe4 Inc., told SiliconANGLE. “Once the criminals were able to gain access to internal systems and emails, it became only a matter of time before they could execute their plan.”
Malik said that’s why a “layered” defense is essential for organizations. “These layers will make it difficult for criminals to gain access to systems, and if bypassed, they can rapidly detect and respond to them,” he said. “The human element forms a critical layer in this approach. It’s important to provide security awareness and training to all employees so that they can identify any suspicious phishing emails.”
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.