Australian Cyber Crime, 09 February 2021

Medicinal cannabis company Cann Group loses $3.6 million in “sophisticated” cyber attack

Medicinal cannabis company Cann Group has experienced a major cyber security incident involving a third party that stole $3.6 million in transactions meant for a contractor.

Source: Medicinal cannabis company Cann Group loses $3.6 million in “sophisticated” cyber attack | SmartCompany
Source: Cann Group flags $3.6m cyber security fraud | AFR”
More reports from SmartCompany
Other Breaches related to Agriculture and Farming and Medical and Health Care

The ASX-listed company told its shareholders yesterday an unknown third party received several payments totalling $3.6 million related to works at its Mildura facility that were intended to be paid to an overseas contractor.

Cann Group said the breach was “a result of a complex and sophisticated cyber fraud” but did not confirm the details of how the event took place.

After the medicinal cannabis company discovered the breach on February 4, the company’s stock was placed in a trading halt the following day, and resumed trading when the ASX reopened on Monday.

Cann Group said it is working with its bank to try to recover the payments and has contacted its insurance brokers about making a claim.

Robert Potter, security adviser and chief executive at Internet 2.0, said the incident looked like a standard Business Email Compromise (BEC).