Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
#1
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Hacker News.
 
QuickBooks is an accounting software package developed and marketed by Intuit.
 
The spear-phishing attacks take the form of a PowerShell command that's capable of running inside of the email, the researchers said, adding, a second attack vector involves decoy documents sent via email messages that, when opened, runs a macro to download malicious code which uploads QuickBooks files to an attacker-controlled server.
 
Alternatively, bad actors have also been spotted running a PowerShell command called [color=var(--theme-link_a)]Invoke-WebRequests on target systems to upload relevant data to the Internet without the need for downloading specialized malware.[/color]
"When a user has access to the Quickbooks database, a piece of malware or weaponized PowerShell is capable of reading the user's file from the file server regardless of whether they are an administrator or not," the researchers said.
 
Furthermore, the attack surface increases exponentially in the event QuickBooks file permissions are set to the "[color=var(--theme-link_a)]Everyone" group, as an attacker can target any individual in the company, as opposed to a specific person with the right privileges.[/color]
 
That's not all. Besides selling the stolen data on the dark web, the researchers say they found instances where the operators behind the attacks resorted to bait-and-switch tactics to lure customers into making fraudulent bank transfers by posing as suppliers or partners.
 
Advising users to remain vigilant of these attacks, ThreatLocker recommends that file permissions are not set to the "Everyone" group to limit exposure.
"If you are using a Database Server Manager, be sure to check the permissions after running a database repair and confirm they are locked down," the researchers said.


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  WhitelistCloud By VoodooShield Drag & Drop Files to Analyze 1-10 files 500 MB each mrtrout 0 465 09-19-2023 , 03:18 PM
Last Post: mrtrout
  VMware warns of critical vRealize flaw exploited in attacks mrtrout 0 381 06-21-2023 , 02:00 AM
Last Post: mrtrout
  ASUS warns of Cyclops Blink malware attacks targeting routers tarekma7 0 1,886 03-19-2022 , 02:40 PM
Last Post: tarekma7
  Volvo Cars discloses security breach leading to R&D data theft mrtrout 0 669 12-11-2021 , 12:25 AM
Last Post: mrtrout
  Microsoft Warns of Widespread Open Redirects Phishing Attacks tarekma7 0 522 09-04-2021 , 02:58 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)