Cybercriminals Carried Out Phishing Attacks By Spoofing Accounting Software Like QuickBooks

What happened

• The attackers launched two phishing waves targeting the technology company Intuit's platform QuickBooks (an accounting software package), which is in high demand due to the upcoming July 15 tax deadline.
• In the first wave, the attackers spoofed QuickBooks to send phishing emails, in which they pretended to be from QuickBooks developer Intuit with the address quickbooks@notification[.]intuit.com. The email contained a file attachment (Microsoft Office document) masquerading as a legitimate monthly invoice.
• In the second attack wave, the attackers compromised the email address of an accountant to send a phishing email directly to the CEO, tricking them to enter their login credentials on a phony Skype page.

Other recent threats to accounting software

• In June 2020, the vulnerabilities (CVE-2020-2586 and CVE-2020-2587), dubbed "BigDebIT" were found in Oracle's E-Business Suite (EBS) which if exploited, could allow bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud.
• In May 2020, a Belgian firm HLB, which has accounting businesses in 130 countries, was hit by Maze ransomware. The attack caused data leak of business contracts, accounts statements, confidential memos, and other general documents.
• In May 2019, a cyberattack on Wolters Kluwer, one of the world’s largest accounting software platforms, caused a shut down of many of its tax and accounting software applications (Taxprep T1, Taxprep T3, CCH SureTax, and CCH Axcess).

Stay safe