Security News > 2021 > February > Tax Season Ushers in Quickbooks Data-Theft Spike
Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker.
"When Quickbooks is on a file server, you are required to use a Quickbooks Database Server Manager, the report said."When carrying out a repair, file permissions are reset and the 'everyone' group is added to the permission.
Jenkins said he was able to reverse engineer the Quickbooks malware and traced Quickbooks data on the dark web.
Besides selling the Quickbooks data for a profit, Jenkins said that he predicts the data will also likely be stored and used to power future spear-phishing campaigns, which rely on personal information to tailor social-engineering scams for maximum effect.
To protect tax data, ThreatLocker recommended making sure the "everyone" group is not selected for Quickbooks permissions - the best idea is to limit access to a single user.
Jenkins said that his company looks at wide trends in data the ThreatLocker solutions encounter across a variety of networks, and said he suspects that Quickbooks attacks are more visible because it's one of the most-used accounting packages during tax season.