Sri Lanka has announced a second significant financial loss within days, reporting on Tuesday that a payment of approximately $625,000 (about 199.7 million Sri Lankan rupees) intended for the U.S. Postal Service has gone missing. This disclosure closely follows an earlier revelation by Sri Lankan officials regarding the theft of $2.5 million by hackers who targeted the country's finance ministry, underscoring a critical and escalating cybersecurity challenge for the island nation.
The disappearance of the $625,000 payment for the U.S. Postal Service was detected after U.S. officials notified Sri Lankan authorities that the funds had failed to arrive, with the payment now believed to have been absent for several weeks. Local media reports indicate that authorities initiated an investigation into this incident following the discovery of an alleged attempt to divert another payment, this one intended for India, suggesting a coordinated pattern in these illicit activities.
The prior incident, which saw $2.5 million stolen, involved hackers diverting funds from the country’s postal authority to fraudulent bank accounts instead of the intended recipient. Treasury Secretary Harshana Suriyapperuma confirmed last week at a press conference that this initial attack shared characteristics consistent with business email compromise (BEC) attacks. These sophisticated cybercrimes involve attackers gaining unauthorized access to email inboxes or other accounting systems to manipulate bank accounts and routing numbers during the process of paying an invoice, effectively rerouting legitimate payments.
Business email compromise scams are a pervasive and highly profitable tactic for cybercriminals globally. Recent data from the FBI highlights that such attacks remain one of the primary sources of profit for cybercriminals, enabling them to steal vast sums through a single breach. The FBI estimates that email compromise attacks resulted in billions of dollars in losses last year alone, demonstrating the scale and severity of this particular threat landscape.
The unfolding situation suggests that the financial thefts from Sri Lanka might be more extensive than initially perceived. Australian officials have reportedly become aware of irregularities concerning payments owed to their country, further indicating a potentially broader scope of compromise impacting international transactions. Together, the two disclosed incidents represent a combined known loss of approximately $3.125 million, placing significant financial strain on the nation.
These successive security lapses have intensified pressure on the Sri Lankan government, which is still navigating a challenging path to recovery after years of severe financial difficulties. The country defaulted on its debt in 2022, an economic crisis that triggered months of widespread protests and ultimately led to the ouster of then-president Gotabaya Rajapaksa. The new wave of cyber threats now adds another layer of complexity to the nation's ongoing efforts toward economic stabilization and fiscal integrity.
While the pattern of attacks points to a concerted effort, it remains unclear whether the two reported thefts are directly linked. Member of Parliament Nalinda Jayatissa has stated that the government is actively investigating to determine if there is a connection between these incidents, as authorities work to understand the full extent of the compromises and to bolster national cybersecurity defenses.
Sources
Replies (0)
No replies in this topic yet.
