In December 2014, Nautilus Minerals, an underwater mineral exploration company, fell victim to a Business Email Compromise (BEC) attack in Dubai. A third-party attacker impersonated a legitimate business partner (MAC) and deceived Nautilus into transferring a $10 million deposit into a fraudulent bank account controlled by the hackers. The primary motive was financial gain, with the attackers intercepting the wire transfer between the two companies. Following the incident, Nautilus engaged a cyber-security firm to investigate the breach, secure its own and MAC’s networks, and prevent future attacks. The attack exposed vulnerabilities in the company’s email verification and financial transaction processes, leading to significant financial loss and reputational damage. While no sensitive data was leaked, the incident highlighted the risks of social engineering-based cyber fraud in high-value corporate transactions.
TPRM report: https://www.rankiteo.com/company/mawarid-mining-co-llc---mb-holdings-group-oman
"id": "maw239092125",
"linkid": "mawarid-mining-co-llc---mb-holdings-group-oman",
"type": "Cyber Attack",
"date": "12/2014",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Underwater Mineral Exploration',
'location': 'Dubai (Attack Location), Headquarters in '
'Canada',
'name': 'Nautilus Minerals',
'type': 'Private Company'},
{'name': 'MAC (Partner Company)'}],
'attack_vector': 'Social Engineering (Fraudulent Email)',
'date_detected': '2014-12',
'description': 'In December 2014, Nautilus Minerals, an underwater mineral '
'exploration company, was hit by a Business Email Compromise '
'(BEC) attack in Dubai. A third party launched a cyber attack, '
'resulting in Nautilus paying a $10 million deposit into a '
'bank account it believed belonged to MAC (its partner), but '
"which MAC later confirmed was not its account. The attacker's "
'motivation was financial gain. The company subsequently '
'engaged a cybersecurity firm to secure its and MAC’s networks '
"and investigate the attack's source.",
'impact': {'financial_loss': '$10 million (Intercepted Wire Transfer)',
'payment_information_risk': 'High (Fraudulent Bank Account Used)',
'revenue_loss': '$10 million'},
'initial_access_broker': {'entry_point': 'Fraudulent Email (Spoofed MAC '
'Communication)',
'high_value_targets': ['Financial Transactions '
'(Wire Transfers)']},
'investigation_status': 'Completed (by Unnamed Cybersecurity Firm)',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': ['Engaged Cybersecurity Firm '
'for Network Security',
'Likely Implemented '
'Stricter Financial '
'Verification Protocols'],
'root_causes': ['Lack of Email Authentication '
'(e.g., DMARC, DKIM)',
'Human Error (Failure to Verify '
'Bank Account Changes)']},
'response': {'incident_response_plan_activated': True,
'remediation_measures': ['Network Security Review',
'Investigation into Attack Source'],
'third_party_assistance': ['Cybersecurity Firm (Unnamed)']},
'title': 'Business Email Compromise Attack on Nautilus Minerals (2014)',
'type': 'Business Email Compromise (BEC)',
'vulnerability_exploited': 'Human Error (Misplaced Trust in Email '
'Communication)'}