An aerospace manufacturer that supplies engine and interior parts for the likes of Airbus and Boeing has been hit by a massive cyber attack that has seen hackers take off with $55m (€50m, £38m) from the company's accounts.
FACC, an Austrian company that has been a supplier to Airbus since 1989, revealed on its company blog that on 19 January the finance department "was the target of cyber fraud and became victim of fraudulent activities involving communication and information technologies".
The company, which makes overhead cabins and engines for business and commercial jets, went on to say that extent of the hack appeared to be purely money-focussed rather than a theft of intellectual property for its designs with "the damage an outflow of approximately EUR 50 [million] of liquid funds"
What is a spear phishing hack?
A spear phishing attack is a malicious email sent to a targeted individual or organisation with the purpose of gaining access to unauthorised private data. Often the email will look legitimate and contain a link for the victim to click on, when they do they are exposed to a fake website full of malware that infects the user's computer.
Details of exactly how the hack happened has not been revealed but website IT Governance believes it was a case of wire fraud by a spear phishing campaign. It said "it's not uncommon for financial departments to be tricked into wiring money over to false accounts" and noted how Ryanair suffered the same fate in April 2015 when it was duped into depositing £3.5m into a Chinese bank account.
Research independently conducted by the Ponemon Institute claims the average cost of a hack is estimated at around £2.6m last year so this breach is significantly large and as a result FACC's stock dropped by 17 percent following the news, which adds to the financial impact of the hack.
The company says the cyber heist has not affected its operation or is of any threat to its economic stability. FACC is conducting a criminal and forensic investigation into the matter but it serves as a reminder that companies worldwide are target to cyber thieves if they fail to remain vigilant.