When a previously unidentified form of spear-phishing malware attack struck two CPA firms, advanced cloud security was able to thwart it. Here’s how.
It’s the cautionary tale as old as email itself:
It was never your contact! A malicious actor posing as your customer has now gained access to your CPA’s systems using the tried-and-true “new client” spear-phishing attack method.
And now, malware is running stealthily behind the scenes—combing through the apps, software and technology your CPA relies on…
Only, nobody at the firm has any idea an attack is underway.
That is because, rather than encrypting the firm’s data for extortion, the actor posing as a new client quietly begins stealing personally identifiable information (PII) and tax filing numbers.
After the fake client behind the attack gets what they need, they file the fraudulent tax returns with the IRS using the CPA clients’ information.
And a few weeks later, multiple refunds from fraudulent tax returns are deposited into the hacker’s bank account.
The criminal: Skates away with hundreds of thousands of stolen dollars, maybe more.
The CPA: Contends with infuriated clients, hours of IRS paperwork, expensive fines, penalties and a wrecked reputation.
In Spring 2020, two CPAs (at two different firms) became spear-phishing attack victims.
Each received an email they were expecting, and they clicked. That’s it.
Skull-and-crossbones didn’t take over their screens—nothing happened at all. Sometimes attachments don’t open. Sometimes links don’t work.
However, cloud security containing advanced threat detection noticed unusual system behavior.
Unusual system behavior? For example, if a user opens a Microsoft Word document attached to an email and the user’s computer then begins downloading a massive amount of data from a known bad or dangerous server, the security system recognizes that behavior as unusual and raises an alert that the server involved should be disabled.
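The detection rule described above, as an added example that is not Right Networks’ code: constructed endpoint events are checked for an Office process chain pulling a large volume of data from a known-bad server, and the output is a per-host action so that only the affected machine is isolated. The indicator list, the 50 MiB threshold, the event format and the sample addresses are all assumptions.

```python
"""Added example (not the article's or Right Networks' code): flag an Office
process chain downloading a large volume of data from a known-bad server and
recommend isolating only the affected host."""

# Constructed indicators; in practice these come from a threat-intel feed.
KNOWN_BAD_SERVERS = {"203.0.113.7", "198.51.100.22"}
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
LARGE_TRANSFER_BYTES = 50 * 1024 * 1024  # 50 MiB; assumed, tune per environment


def parse_event(line):
    """Parse one constructed pipe-delimited event:
    timestamp|host|parent_process|process|dest_ip|bytes_in"""
    ts, host, parent, process, dest, size = line.strip().split("|")
    return {"ts": ts, "host": host, "parent": parent.upper(),
            "process": process.upper(), "dest": dest, "bytes_in": int(size)}


def evaluate(event):
    """Return (host, severity, recommended action) or None if benign."""
    from_office = event["parent"] in OFFICE_PARENTS
    bad_dest = event["dest"] in KNOWN_BAD_SERVERS
    large = event["bytes_in"] >= LARGE_TRANSFER_BYTES
    if from_office and bad_dest and large:
        # The article's case: isolate just this host and block the server.
        return (event["host"], "high",
                "isolate host; block %s at the edge" % event["dest"])
    if from_office and bad_dest:
        # Weaker signal: worth an analyst's review, not automatic isolation.
        return (event["host"], "medium", "review host; block destination")
    return None


def scan(lines):
    """Run every event through the rule and collect alerts in order."""
    return [a for a in (evaluate(parse_event(l)) for l in lines) if a]


# Constructed sample events (RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    "2020-03-10T09:02:11|CPA-WS01|explorer.exe|WINWORD.EXE|192.0.2.10|4096",
    "2020-03-10T09:02:40|CPA-WS01|WINWORD.EXE|powershell.exe|203.0.113.7|73400320",
    "2020-03-10T09:05:02|CPA-WS02|WINWORD.EXE|powershell.exe|203.0.113.7|512",
    "2020-03-10T09:06:15|CPA-WS03|chrome.exe|chrome.exe|192.0.2.10|90000000",
]

if __name__ == "__main__":
    for host, severity, action in scan(SAMPLE_EVENTS):
        print(host, severity, action)
```

The ordinary browser download on CPA-WS03 is large but has no Office parent and no known-bad destination, so it produces no alert; that is the difference between "a lot of traffic" and "unusual behavior".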
In this case, anti-malware and security protocols sprang into action by isolating impacted systems and ultimately stopping the hack in its tracks.
Rather than cause immense disruption for the entire firm, the cloud security team was able to disable only what was impacted (the victims’ servers), knocking only a few users offline momentarily while everyone else continued to work, unaware of any issue.
Within minutes, the CPAs who had (unknowingly) initiated the malware were back up and running.
Meanwhile, cloud security engineers continued to run diagnostics on the attack to determine (1) how it happened, (2) why it happened and (3) how to prevent it from ever happening again.
The malware used in the attack was a type most security experts had never seen and that standard antivirus software would likely have missed: a zero-day exploit.
“The term ‘zero-day’ refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released. So, ‘zero-day’ refers to the fact that the developers have ‘zero days’ to fix the problem that has just been exposed — and perhaps already exploited by hackers.”¹
Had cloud security not thwarted the attack, the hacker could have funneled data out of the firm for months. All because one software vulnerability, exposed through spear-phishing, made it possible for malware to install.
And before we go down the “well, what was vulnerable?” road, let’s be clear: That part doesn’t matter so much. (And, I don’t know.) Vulnerabilities are exposed and patches are released every single day. The victims here were in the right place at the right time, just trying to do their jobs.
There are a few ways users can protect against phishing attempts and zero-day attacks, and keep their businesses safe from cyber threats:
Running applications in the cloud with a trusted cloud provider is the safest way to ensure business continuity. Learn more about the built-in bank-level security cloud hosting technology provides, and the advanced threat protection offered by Right Networks Cloud Premier, in our resource center.
Originally published March 19, 2020, updated June 04, 2021.