VEC Attack Tries to Steal $36 Million, Ferrari, Dole Hit with Ransomware Attacks

A recent vendor email compromise (VEC) attack tried to steal $36 million from a commercial real estate business.

Meanwhile, luxury car manufacturer Ferrari is investigating a cyberattack after a subsidiary received a ransom demand for customer contact information. And produce giant Dole has confirmed a ransomware attack involving unauthorized access to employee information.

It’s all in a day’s work for cybercriminals.

Abnormal Security observed the VEC attack seeking $36 million from the target. The enterprise was cc’d on an email containing an invoice for $36 million. The sender’s domain name, however, ended in .cam instead of .com. The full domain name looked like trusteddomain.cam. It’s almost impossible to notice for anyone but the most perceptive employee. The email included information about a payoff letter, and directed the reader to view the attached letter and payment instructions.

VEC Attack Impersonated Trusted Partner

The threat actor impersonated the senior vice president and general counsel from a trusted partner company with whom the enterprise has a long-term relationship. The attacker sent an invoice and wiring instructions with fraudulent payment details in an attempt to redirect a $36 million loan payment to themselves.

To further bolster their credibility, the attacker cc’d a second well-known real estate investment company on the email, again using a newly created domain that ended in .cam.

There was little reason for the enterprise to be immediately concerned about the validity of the wire transfer request. That’s because the enterprise involved in this attack works in commercial real estate where they often facilitate large-sum loans. In addition, the invoice appeared to be legitimate with legitimate recipients.

VEC Attack Most Dangerous Form of BEC

Mike Britton is Abnormal Security‘s CISO.

Abnormal Security’s Mike Britton

“VEC, the most dangerous type of business email compromise (BEC), is a uniquely dangerous cybersecurity threat that is continuing to grow in both frequency and severity,” he said. “In fact, two-thirds of all organizations are targeted by email attacks that use a compromised or impersonated third-party account each quarter. Unlike traditional BEC that impersonates an executive, a VEC attack occurs when a threat actor either gains control of a vendor email account or impersonates a trusted vendor in an attempt to execute an invoice scam or other financial fraud.”

These attacks are highly successful, Britton said. That’s because they exploit the trust and existing relationships between vendors and customers through personalization and social engineering.

Scroll through our slideshow above for more on these cyberattacks.