Sri Lanka's $2.5 Million Theft Linked to Business Email Compromise, Not Hacking
Severity: Medium (Score: 51.1)
Sources: Island.Lk, Themorning.Lk
Summary
Sri Lanka's Treasury reportedly lost $2.5 million due to a compromised payment process rather than a cyber hack. Experts suggest the incident involved a Business Email Compromise (BEC) scenario, where fraudulent payment instructions were sent via email, leading to the diversion of funds. The lack of robust verification mechanisms and reliance on email for payment instructions created vulnerabilities. The incident has raised concerns about the integrity of the country's financial systems and the potential reputational damage to Sri Lanka. Officials have criticized the mischaracterization of the event as a hacking incident, emphasizing that it was a fraud scheme rather than a technical breach. The Treasury's operational fragmentation and insufficient security measures contributed to the incident. Current assessments indicate that the issue stems from procedural flaws rather than a systemic cyber intrusion.
Key Points:
- The $2.5 million theft was likely due to a Business Email Compromise (BEC) rather than hacking.
- Weak verification processes and reliance on email for payment instructions created vulnerabilities.
- Officials have criticized the mislabeling of the incident as a hacking attack.
Key Entities
- Phishing (attack_type)
- Central Bank (company)
- Free Lawyers (company)
- Sri Lanka Treasury (company)
- Treasury (company)
- Australia (country)
- India (country)
- Iran (country)
- Israel (country)
- Sri Lanka (country)
- CWE-287 - Improper Authentication (cwe)
- Financial (industry)
- Government (industry)
- T1078 - Valid Accounts (mitre_attack)
- T1566 - Phishing (mitre_attack)
- Swift (platform)