We’re over a month away from tax season, but that hasn’t stopped hackers from targeting companies’ 2020 QuickBooks data – attacks are up over 600%. Learn more about this and other February developments below.
The number of QuickBooks attacks are up 6 to 7 fold as tax season approaches, according to cybersecurity company Threatlocker. Hackers are using a 15 line piece of code to copy a company’s QuickBooks data to the internet, where it can be easily accessed and distributed to paying “customers”.
QuickBooks makes this easy by automatically resetting file settings and allowing access to the “everyone” group whenever someone repairs a QuickBooks file, leaving it wide open for anyone to access. Dark web prices range from $1 to over $1,000 for databases, depending on the quality of data and whether passwords are included. [Read More at Threatpost]
Once signed by the governor, Virginia’s new law will go in to effect in 2023 and apply to any company with data for more than 100,000 Virginia consumers (or fewer if the firm sells the data for a profit). The law regulates what data can be stored and the level of security that must protect it. It also allows consumers to obtain a copy of their data file upon request, to tell the company to delete their data and to opt out of future advertising. Fines are up to $7,500 per violation, which adds up pretty quickly when you consider that most cybercriminals don’t steal one record.
Once signed, Virginia will become the second state with such a law (California’s is already in place). This will likely increase the pressure on the federal government to pass a superseding national law, as businesses will be unable to comply with a growing patchwork of state privacy laws with different stipulations. [Read More at the National Law Review]
Criminals are wringing every bit of value out of stolen usernames and passwords as the data theft industry grows and matures. Newly stolen credentials now go through five phases of value extraction. Before being sold or made available to other parties, the credential thieves use them in an attempt to gain direct access to company networks or other valuable data. If successful, this can yield immense profit for the thief (and immense pain for a business.)
After this attempt at a high-dollar return, hackers begin selling the data. The price drops over time as the sophistication of the buyers goes down. The person whose credentials were stolen is usually notified that their password was stolen in a breach or found on the Dark Web by the third phase. Unfortunately, the fact that there are two phases beyond that means that many people don’t bother to change their passwords after being notified. [Learn More at Dark Reading]