The Cann Group, a medical cannabis supply and distribution company based in Australia, has revealed to their shareholders that they suffered a cyber breach.
Cann,Group is one of the first groups in Australia to receive a license to cultivate medical cannabis. On February 8th, they revealed to their shareholders that an unknown 3rd party had received several payments that were supposed to go to an outside contractor. Instead, these malicious actors used a phishing scam to wire out over $3.6 million dollars from the company’s Mildura facility.
Cann’s attack has all the makings of a social engineering or phishing scam. Hackers presumably was able to get the attention of the right person, probably the controller, that handled this money. Then they disguised themselves as the contractor that was getting and got the company to wire the money out. The company was none the wiser until the contractor called in and said they had not been paid. Cannabis being a new and growing industry with less regulation now are a perfect target.
With the pandemic, cyber breaches all over the world spiked as many people worked from home and on less secure network. According to Australia’s Cyber Security Centre’s latest report, there were 2,266 incidents from June 2019 to June 2020.
What can you do to prevent a scam such as this? View our attached Cyber OneSheet for more information and best practices (Link) Schedule a meeting with our cannabis insurance broker John Pokryfki (Bio) And Follow these tips
- Require Wire Transfer Request Documentation with Separation of Authority Protocol
- Require Two forms of Wire Transfer Authorization
- New Client/Vendor Wire Instruction Verification
- Current Client/Vendor Wire Instruction Verification
For our insight into Cannabis (Link)