Hackers are resorting to novel phishing attacks by using rogue QuickBooks and PayPal accounts, as traditional business email compromise (BEC) attacks become harder to carry out. Researchers have found that hackers are signing up for QuickBooks and PayPal accounts for free and sending thousands of phoney invoices to mid-level managers and purchasing people, as well as attacking small businesses.
While it is unclear how much money hackers have made from this new approach, Avanan has already blocked a hacker’s attempt to use a legitimate QuickBooks account to defraud a company.
New Approach to BEC attacks
The focus on stopping BEC attacks, which have cost companies over $43 billion over several years, has forced hackers to shift gears, according to researchers. Instead of compromising a corporate email account and targeting top C-suite executives, hackers are now targeting mid-level managers and purchasing people. Avanan, a Check Point Software Company, outlined this new line of attack in a blog post, explaining that it is different because the threat comes from legitimate sources.
Experts have warned that this new approach requires a new defence mechanism. Traditional BEC strategies rely on analysing the text in a message and looking for anything unusual. The previous communication with QuickBooks would look the same as the current campaign, so companies cannot rely on natural language processing, anomalies, or anything else. Therefore, they must adopt a new approach that includes phone number scam protection, and DLP on the back-end, which will block an invoice from being paid until it is verified as a legitimate invoice.
Companies Need to Slow the Process Down
Avanan’s cybersecurity researcher-analyst, Jeremy Fuchs, said that companies need to slow the process down to scrutinise every invoice more carefully. Google the phone number to make sure it is a legitimate business, and use DLP to slow the process down and have the invoice checked before it gets paid.
Andrew Barratt, Vice President at Coalfire, added that rogue invoice fraud requires business teams to operate the correct checks and balances – processes that cannot always get solved with a quick tech solution. He said these types of attacks are more impactful to small businesses that might not crosscheck purchase orders against an invoice before paying it.
Trusted Services Compromise Happens with All Threats
Patrick Harr, CEO at SlashNext, pointed out that this kind of trusted services compromise happens with all threats, not just BEC. Hackers use SharePoint, OneDrive, AWS, Hubspot, QuickBooks, and PayPal to deliver attacks because they are coming from trusted domains.
This increases the likelihood that they will bypass traditional email technology that relies on blocklist and domain reputation, and it will look legitimate to employees with security training. Harr said it is essential to have technology that has anti-evasion technology and can perform real-time scans to ensure these threats are stopped before they wreak havoc on an organisation.
The Next Evolution
According to Fuchs, hackers are incredibly adept at adjusting as defenders move to stop them. So much money and technology have been put into defending earlier forms of BEC, and many products have gotten good at stopping it. Therefore, hackers have to adjust, and they have here. It is the next evolution, and now the onus is on security providers and end-users to harden their defences. In essence, this cat-and-mouse game of cybersecurity requires constant vigilance and the willingness to adapt and adjust to new threats.
Join the Discussion