Hackers stole $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday, said Republican Party Chairman Andrew Hitt. Hitt said the FBI is investigating. FBI spokesman Leonard Peace did not immediately return a message seeking comment.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions. BEC fraud is an attack vector on the up. Cybercriminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business, such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such a message from the CEO or a member of the C-suite. Sites such as LinkedIn make this incredibly easy to achieve, allowing a threat actor to research members of staff in an organization with a few clicks, In order to avoid the exponential growth of these scams continuing, businesses need to engage in robust training and awareness campaigns with staff, as well as investing in an email filtering system which is regularly audited and updated.