The Rise of Cybercrime in the Accounting Profession Continues

Published September 24, 2020

The July 15 tax filing deadline is finally behind you. Now is the perfect time to address the growing number of cyberattacks still taking place in the accounting industry. 

Many accounting practices are reporting that IT vendors and employers rushed to provide access for remote employees without fully understanding how to properly implement and secure it. This has resulted in an increased number of cyberattacks on accounting practices of all sizes. With the increase in the remote workforce and the ongoing COVID pandemic, there has been a 300 percent increase in cyberattacks. 

Exploring the methodology of cybercriminals

As hackers continue to get more sophisticated with their tactics to obtain critical data from CPA firms, the process of accessing a network, destroying backups and encrypting data is becoming increasingly common. In addition to the standard ransomware attack, cybercriminals are now threatening to post data that they have stolen from the practice if you refuse to pay their ransom demands. Most threat actors have shifted to this modality as a way of almost guaranteeing that a business will pay the ransom to get its data back.

After breaching the practice’s network, the threat actors typically conduct surveillance to understand the types of applications running and the location of data and backups. They will often deploy credential harvesting software to steal usernames and passwords from devices and applications and use the information to further exploit the system. 

While conducting surveillance, hackers will attempt to move laterally through the network to gain access to additional devices. There have been numerous cases in which the threat actors deploy multiple screen-sharing applications on a network to easily gain remote access in the event the IT department tries to lock them out. 

Beyond the scope of firewalls

Just over a month ago, Black Talon Security was contacted by a practice that had received an error message when attempting to access their management software. Upon further investigation by their IT company, it was determined that the database and backups of vital company information were no longer on the network. The IT company found a ransom note from the threat actors indicating that the system had been compromised, the threat actors had stolen all of their data, and a ransom demand would have to be paid to prevent the public release of the data. 

Our initial investigation revealed that the threat actors stole the database and destroyed all backups. This came as a big surprise to the practice, as the managers and the IT company thought they were sufficiently protected with adequate security measures, including a firewall and antivirus software. 

Firewalls and antivirus software are no longer enough to protect your network. You need additional steps, such as vulnerability scans, penetration testing and cybersecurity awareness training to educate your staff and help prevent this type of disastrous attack from occurring. For most firms, the result of such an attack is not only a financial nightmare but also a PR disaster. 

Assessing and closing network vulnerabilities

Hackers typically attempt to attack accounting and CPA practices with the least secure networks (“low-hanging fruit”) and the most vulnerabilities or “unlocked doors and windows.” These vulnerabilities allow hackers to gain access to devices or computers and then use them as a launching pad to gain access to other critical systems such as servers and tax software. Cybersecurity experts can help you take steps to decrease the likelihood of breaches in networks and devices through advanced vulnerability management tools. 

Another powerful technique is to have an annual penetration test conducted on your network by an ethical hacker. A penetration test safely simulates an attack by a criminal and will uncover vulnerabilities in your network that could allow hackers to easily gain access to your data. 

An informed and knowledgeable workforce plays a vital role in protecting your company’s financial data from the threats of cybercrime. If an accounting practice does not have a comprehensive cybersecurity awareness training program in place, it can easily fall victim to “click risk.” This is when hackers deliver malicious emails disguised to look like legitimate requests or emails to fool the receiver into opening them and/or clicking on an attachment that is infected with malware. 

Modernizing cybersecurity for all CPAs

The accounting industry must shift its focus from simple, and often outdated, preventative measures to a comprehensive and multi-layered strategy that includes real-time vulnerability management, penetration testing, cybersecurity awareness training and a true independent security audit conducted by a dedicated cybersecurity firm. 

The last several months of the pandemic have taught us that CPA practices must prioritize security because the theft of data can be devastating to the business. Additionally, the landscape is changing quickly and threat actors are becoming highly sophisticated operatives, generating billions of dollars in ransom payments per year. CPA practices must have a threat mitigation strategy in place that includes more than just a firewall, antivirus software and some “feel-good” pieces of security software. 

An educated and proactive approach to protecting the data of your practice and the personal information of your clients should be a part of every business contingency plan.

(Source:  AccountingToday – Best of the Week – Voices – August 29, 2020)