Major Luxembourg-based carbon black supplier Orion has disclosed having nearly $60 million stolen following a successful business email compromise attack discovered on Saturday, reports The Record, a news site by cybersecurity firm Recorded Future.
Such a loss stemmed from unknown attackers luring a non-executive employee to conduct several outbound wire transfers to their controlled accounts, said Orion in a filing with the Securities and Exchange Commission. No further details regarding the incident were provided but Orion emphasized that investigation is still underway and that several legal means of recovering the exfiltrated funds are being explored. The development comes after BEC fraud was reported by the FBI to be the second most severe cybercrime form after logging $2.9 billion in losses last year. Third-party payment processor and cryptocurrency exchange accounts have been increasingly leveraged by threat actors venturing in BEC scams, noted the FBI report.
