Did you know that your accounting data may be at risk? The QuickBooks Data Theft Attack may have already stolen your accounting data, and you wouldn’t even know it.

Do you consider your organization’s accounting data confidential? All companies do, of course. And so you know that if your accounting data were to fall into the wrong hands, it could cause immeasurable damage. If you are like millions of companies and organizations around the world, you use QuickBooks Desktop software by Intuit to manage your accounting.

A new threat, as reported by ThreatLocker, uses two different methods (and some variants) for attacking a company’s QuickBooks data file via email. In some cases, the attack can be successful no matter which member of an organization is targeted, and all that staffer would need to do is open an innocent-looking email in order to tip the first domino.

ThreatLocker reported in February about the growth in the incidence of QuickBooks data theft after noticing a 600% to 700% increase in PowerShell software accessing QuickBooks data files. PowerShell is a scripting tool installed by default on all Windows 10 computers. This rise in access led to their investigation, which revealed that companies were receiving emails with embedded PowerShell scripts. These scripts silently look for and exfiltrate (a fancy word that means “steals”) data from the company QuickBooks file.

Another method for stealing QuickBooks file data was also revealed in the same report. This slightly more complex method involves a piece of scripted malware living inside of an MS Word file that was delivered by email. The malicious script would download additional malware, possibly a PowerShell script, which would access and exfiltrate the QuickBooks file.

How QuickBooks Makes The Threat Worse

According to QuickBooks experts, QuickBooks is now the accounting software of choice for more than 29 million small and medium-sized businesses. That makes this hack critically important. What makes it even more important is that hundreds of thousands of accounting and bookkeeping companies also have QuickBooks, and use it to connect to their clients’ data, multiplying the threat this hack poses worldwide.

It’s important to understand that we’re talking about the traditional QuickBooks Desktop system, and not the newer QuickBooks Online. QuickBooks Desktop began life back in 1983 as a single-user accounting system, and was later modified to allow multiple users across a network using a separate piece of software called QuickBooks Server Database Manager (QSDM).

QuickBooks, like most other systems that contain important data, has security built into its data files. The ability for users to access the file is added using QSDM so that users can only access the parts of QuickBooks appropriate to the user’s role. For example, Accounts Receivable clerks would not be in a group that allowed them to pay vendors. When users are restricted to their appropriate groups, the malware can only exfiltrate data that the infected user can access.

QuickBooks has a well-known flaw, however: QuickBooks data files often get damaged, and when they do they need to be repaired. Intuit even supplies a tool for this purpose, called the QuickBooks File Doctor. But, according to ThreatLocker, “When carrying out a repair, file permissions are reset and the ‘everyone’ group is added to the permission. As a result, access to the database is left wide open and this is a major security concern.” That means that any user can access all of the data in the QuickBooks file, allowing even more data to be stolen by the malware.
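
The permission reset that ThreatLocker describes after a File Doctor repair can be checked for on the machine that hosts the company file. The following PowerShell is an added example, not code from the original article, Intuit or ThreatLocker; it lists QuickBooks data files whose ACL grants access to the Everyone group. The function name, the file extensions and the scratch demo folder are assumptions.

```powershell
# Added example: report QuickBooks data files whose ACL allows the Everyone group.
function Find-EveryoneAccess {
    param(
        [Parameter(Mandatory)][string]$Path,            # folder that holds the company files
        [string[]]$Extensions = @('*.qbw', '*.tlg')     # assumed set; the article names no extensions
    )
    Get-ChildItem -Path $Path -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $acl  = Get-Acl -LiteralPath $file.FullName
            # Request SIDs instead of account names so the check is locale-independent.
            # S-1-1-0 is the well-known SID of the Everyone group.
            $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' -and
                               $_.AccessControlType -eq 'Allow' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File      = $file.FullName
                        Rights    = $_.FileSystemRights
                        Inherited = $_.IsInherited   # True means the fix belongs on a parent folder
                    }
                }
        }
}

# Constructed demo: a scratch folder with a dummy company file that carries an Everyone ACE,
# standing in for a file whose permissions were reset by a repair.
$demo = Join-Path $env:TEMP 'qb-acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$qbw = Join-Path $demo 'Sample Company.qbw'
Set-Content -LiteralPath $qbw -Value 'placeholder'

$acl  = Get-Acl -LiteralPath $qbw
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0'), 'FullControl', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $qbw -AclObject $acl

Find-EveryoneAccess -Path $demo | Format-Table -AutoSize   # lists the dummy file with FullControl
Remove-Item -LiteralPath $demo -Recurse -Force
```

Running `Find-EveryoneAccess` against the real company-file folder after every repair shows whether the role-based restrictions need to be reapplied.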