Leoni AG suffers £34 million whaling attack

John Wilson, chief technology officer at Agari, told SCMagazineUK.com: “The Leoni AG incident is the perfect example of how effective a well-crafted Business Email Compromise (BEC) attack is. The cyber criminals behind it clearly did their homework and knew exactly who to target and what approach to take. We have seen an increasingly large number of attacks using this tactic, often impersonating vendors that the target is known to do business with, or referencing an event they recently attended. As advancing security technology makes other vectors more difficult, many cyber criminals are turning to low-volume BEC because it’s still incredibly effective. As a result, earlier this year the FBI reported that BEC attacks have increased by more than 270 per cent. Most organisations falsely believe they are protected by malicious emails by their spam filters and other security measures.”

Wilson continued: “However, Agari research found that 85 per cent of these attacks are completely invisible to the standard security tools relied on by most companies. Spear phishing emails like the Leoni AG attack which perfectly mimic a real email address with a payment request are undetectable by spam filters because there are no links, attachments, or language triggers to trigger them. Organisations need to be armed with the ability to identify the authenticity of all incoming emails, allowing only those messages that are confirmed to be from trusted senders to reach their destination. All emails should be assessed for potential threat and confirmed to be from their purported source, and any message that cannot be verified should be placed in quarantine, stopping the attack before it even begins.”