It’s a cautionary tale as old as email itself:
It was never your customer! A malicious actor posing as your customer has now gained access to your accountant’s systems using the tried-and-true “new client” spear-phishing attack method.
And now, malware is running stealthily behind the scenes—combing through the apps, software and technology the accounting firm relies upon…
Only, no one at the firm has any idea that an attack is underway.
Because rather than encrypting the firm’s data for extortion, the “new client” secretly starts stealing personally identifiable information (PII) and tax filing numbers. And after the fake client behind the attack gets what they need, they’ll file the fraudulent tax returns with the IRS using the firm’s client information.
And a few weeks later, multiple refunds from fraudulent tax returns will be deposited into the hacker’s bank account.
The criminal will skate away with hundreds of thousands of stolen dollars, maybe more. The accountant will contend with infuriated clients, hours of IRS paperwork, expensive fines, penalties and a wrecked reputation.
What could the accountant have done differently? Could the attack have been avoided altogether—or at the very least, discovered before any PII was stolen?
In spring 2020, two accountants (at two different firms) became spear-phishing attack victims.
Each received an email they were expecting, and each of them clicked on those respective emails. That’s it.
Skulls and crossbones didn’t take over their screens. Nothing happened at all.
Sometimes attachments don’t open. Sometimes links don’t work.
And had it not been for what happened next, both would-be victims would have moved on with their days.
However, cloud security containing advanced cyberthreat detection noticed unusual system behavior.
What did that mean? Here’s an example: If a user clicks on a Microsoft Word document in an email and the user’s computer begins to download a massive amount of data from a known harmful or dangerous server, the security system will recognize that behavior as unusual and send an alert that the server involved should be disabled.
In this case, anti-malware and security protocols sprang into action by isolating impacted systems and ultimately stopping the attempted theft in its tracks.
Rather than cause immense disruption for the entire firm, the cloud security team could disable only what was impacted (i.e., the victims’ servers). The team momentarily knocked just a few users offline to stop the attack while everyone else continued to work, unaware of any issues.
Within minutes, the accountants who had unknowingly initiated the malware were back up and running.
Meanwhile, cloud security engineers continued to run diagnostics on the attack to determine:
The malware used in the attack was a type most security experts had never seen, and standard antivirus software would likely have missed—a zero-day exploit.
As one expert source explains:
The term ‘zero-day’ refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released. So, ‘zero-day’ refers to the fact that the developers have zero days to fix the problem that has just been exposed—and perhaps already exploited by hackers.
Had cloud security not thwarted the attack, the hacker could have funneled data out of the firm for months. All because one software vulnerability, exposed through spear phishing, made it possible to install malware.
Vulnerabilities are exposed and patches are released every single day. The victims here were in the right place at the right time, just trying to do their jobs.
There are a few ways users can protect against phishing attempts and zero-day attacks…and keep their businesses safe from cyberthreats:
Running applications in the cloud with a trusted cloud provider is the safest way to ensure business continuity. Learn more about the built-in bank-level security cloud hosting technology provides, and the advanced threat protection offered by Right Networks Cloud Premier, in our resource center.
For more information on Right Networks’ security offerings, visit our security webpage.
Join our mailing list and get all of the latest news delivered straight to your inbox.