It’s a simple enough scenario: a customer sends the owner of a small business an email asking for a referral to a CPA firm. The business owner cheerfully forwards the email to the CPA, who contacts the new client and receives a common file that ostensibly contains the new client’s tax information. The CPA clicks on the file, and … that’s when the trouble starts.
At that point, malware likely invades the CPA’s system, but rather than encrypting data for extortion, it secretly starts stealing clients’ tax filing numbers. Having stolen the numbers, the bad actor posing as the new client files fraudulent tax returns with the IRS using the CPA clients’ names and has the refunds deposited into a bank account.
The criminal skates away with hundreds of thousands of stolen dollars, maybe more, while the CPA is left with infuriated clients, hours of paperwork to do with the IRS, potential fines and penalties, and a generally wrecked reputation.
Two CPA firms avoided potentially disastrous data theft
This tax season, advanced cloud security from Right Networks saved two firms victimized by a spear-phishing attack targeted at CPAs from experiencing extensive damage. The malware used in the attack was a type security experts had never seen and standard antivirus software would likely have missed. Had those firms not been running applications in a secure cloud, they almost assuredly would have suffered prolonged and extensive damage to their systems, possibly resulting in downtime and stolen data. All it took was one user clicking on a single link.
At both firms, when Right Networks learned of the attack, the Right Networks antimalware system and security protocol sprang into action, isolating and shutting down the affected server and removing the victim as a user of the server. Rather than cause immense disruption for the entire firm, the security protocol disabled the server the individual victim was using, knocking only a few users offline while other workers continued unaware of any issue.
Within minutes, the user who had clicked on the malware file was back up and running, and the rest of the firm continued to work unimpeded. Meanwhile, Right Networks was running security diagnostics on the attack.
Why the attacks would have worked without the cloud
Had the impacted firms not been running applications in the cloud, the attack would almost assuredly have succeeded and could have lasted for weeks or months. That’s because the malware involved appeared to be part of a new kind of zero-day attack.
Essentially, traditional antivirus software can’t protect against a malicious file until it has encountered it. Once the antivirus system knows a file is malicious, it can block a user from accessing it. But in zero-day attacks, there is no time for the antivirus system to catalog a malicious file, so the attack works until an antivirus provider can neutralize it.
How modern cloud security thwarted the attacks
The system in place at the two CPA firms that avoided disaster, however, works differently. Through machine learning, it can recognize unexpected behavior after a click. For instance, if a user clicks on a Microsoft Word document in an email and the user’s computer begins to download a massive amount of data from a known bad or dangerous server, the security system will recognize that behavior as unusual and send an alert that the server involved should be disabled. In addition, with tax season in full swing, Right Networks had intensified its already tight security controls for CPA firms.
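To make the contrast between the two preceding sections concrete, here is an added example (not Right Networks' code, and not part of the original article) that runs both kinds of check over constructed telemetry: a hash lookup against a catalogue of already-known samples, which misses an attachment nobody has seen before, and a behavioral rule, standing in for the learned model the text describes, that flags a document-handling process pulling a large download from a blocklisted host and names the server that should be taken offline. The hashes, hostnames, process names, threshold and event records are all constructed for the example.

```python
# Added example (not Right Networks' code): contrast signature matching, which
# cannot catch a file it has never seen, with a behavioral rule that flags a
# document handler suddenly pulling a large download from a known-bad host.
# All hashes, hosts, process names and event records below are constructed.
import hashlib
from dataclasses import dataclass

# Signature list: hashes of malware already catalogued. The attachment in a
# zero-day attack is not in it, so a hash lookup alone lets it through.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"old-known-sample").hexdigest(),
}

# Threat-intel blocklist of hosts observed serving malware (constructed values).
KNOWN_BAD_HOSTS = {"203.0.113.45", "malware-drop.example"}

# Processes that normally open email attachments and have no business
# pulling large downloads on their own.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe"}
DOWNLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB, a tunable threshold


@dataclass
class NetEvent:
    host: str        # server or workstation where the connection was made
    user: str
    process: str     # process that opened the connection
    remote: str      # remote host or IP
    bytes_in: int    # bytes downloaded over this connection


def signature_verdict(file_bytes: bytes) -> bool:
    """Return True only if the file's hash is already catalogued as malicious."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


def behavioral_alerts(events):
    """Return (host, user, reason) for each event matching the behavior rule.

    The rule: a document-handling process downloads more than the threshold
    from a blocklisted host. Either condition alone is noise; together they
    are the post-click behavior the article describes.
    """
    alerts = []
    for e in events:
        if (e.process.lower() in DOCUMENT_HANDLERS
                and e.remote in KNOWN_BAD_HOSTS
                and e.bytes_in > DOWNLOAD_THRESHOLD_BYTES):
            reason = f"{e.process} pulled {e.bytes_in} bytes from blocklisted {e.remote}"
            alerts.append((e.host, e.user, reason))
    return alerts


def hosts_to_isolate(events):
    """Servers to take offline, each listed once, so only the users on the
    affected server are disrupted (the containment step the article describes)."""
    return sorted({host for host, _, _ in behavioral_alerts(events)})


# Constructed telemetry: a never-seen attachment opened in Word, followed by
# large downloads from a blocklisted host, plus benign traffic on other servers.
NEW_ATTACHMENT = b"%PDF-1.7 constructed-sample-never-seen-before"
SAMPLE_EVENTS = [
    NetEvent("ts-server-07", "jdoe", "WINWORD.EXE", "203.0.113.45", 120 * 1024 * 1024),
    NetEvent("ts-server-07", "jdoe", "WINWORD.EXE", "203.0.113.45", 80 * 1024 * 1024),
    NetEvent("ts-server-02", "asmith", "outlook.exe", "mail.example", 2 * 1024 * 1024),
    NetEvent("ts-server-03", "bkim", "chrome.exe", "203.0.113.45", 4096),  # browser, not a document handler
]

if __name__ == "__main__":
    print("signature caught attachment:", signature_verdict(NEW_ATTACHMENT))  # False
    for alert in behavioral_alerts(SAMPLE_EVENTS):
        print("ALERT", alert)
    print("isolate:", hosts_to_isolate(SAMPLE_EVENTS))  # ['ts-server-07']
```

The point of `hosts_to_isolate` returning only the server the flagged user was on is the same one the article makes: containment scoped to one server knocks a handful of users offline instead of the whole firm. In a real deployment the fixed rule would be replaced by a model scoring many such features, and the blocklist and threshold would come from a threat-intel feed and baseline traffic rather than constants.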
Running applications in the cloud with Right Networks, then, saved two CPA firms from serious business disruption that could have cost both time and money on a massive scale, as well as from the potential fury of clients and unwelcome scrutiny from the IRS.