Blog
Cyberattacks have found their way into the accounting industry and have created a need for cybersecurity for accountants. New research shows that attackers are targeting accountants to gain access to their clients' financials. Increasing cybersecurity is necessary to protect sensitive data, including customers' personal information, email addresses, passwords and social security numbers.
Besides marking their accounting targets, cyber attackers also take into account the best moment to strike. For example, threat actors target accountants when they are the busiest - managing end-of-the-year tasks and filing tax returns. Since March 2020, there has been a 300% uptick in strikes against accounting practices, making a strong case to strengthen the cybersecurity for accountants and their computer applications and networks used to manage their client data and confidential data. The Gootlloader campaign is one example of the possible dangers that target accounting firms and enterprises, specifically their devices and systems.
Gootloader - The increased need for cybersecurity for accountants
Gootloader — a kind of stealthy initial access malware that can infect the victim’s systems with ransomware or other lethal malware — was first discovered in 2020. It had been bugging the employees of accounting firms for the past few weeks before launching a broadside on a slew of reputable firms on January 6. Gootloader can infect any device via email phishing campaigns from mobile phones and tablets to computers and servers. Since it has the ability of self-propagation (meaning that it replicates itself without user intervention), Gootloader’s victims don’t even know this ransomware strain has hit them.
How Does Gootloader Attack a Company’s Systems?
There are several methods through which Gootloader delivers malware to the systems of potential targets. Such methods may include fake updates and trojanized applications. Gootloader has compressed but heavily obfuscated JavaScript code bypassing most security controls.
Gootloader also enters a system through poisoned search results, a.k.a. SEO poisoning. SEO poisoning happens when attackers erect malicious websites and perform search engine optimization to rank them in the top 10 search results. Whenever a business professional or an employee of an accounting firm uses the search engine to get sample business agreements, contracts, proposal documents, etc., the malicious sites appearing at the top of the results page trick them into clicking on malicious content masquerading as informative links. The moment they click the download button, Gootloader infiltrates their system and wreaks havoc.
The typical aim of a Gootloader infection is for ransomware or Cobalt Strike to be downloaded onto the target's system. It has quickly become the go-to method for cybercriminals to access a victim's system using malware like Gootloader and create a direct attack. It is undoubtedly one of the most popular tools in a cybercriminals toolbox.
Gootloader hackers are clever; they lure their targets to compromised websites with plenty of business-specific content (for instance, free samples of documents). These compromised websites actively use WordPress as their CMS and even represent businesses in the hospitality, education, healthcare, and retail sectors. Such a diversified and broad range of content helps attackers populate the web and increases the probability of infecting systems. Cybersecurity experts suggest it is imperative to check the credibility of a website before browsing or downloading content from it.
Accounting Firms and Consultants Need to be Alert
According to the latest reports, hackers have created over 100,000 corrupted web pages of several websites from a gamut of sectors. They had even hacked a 150-page website offering postnuptial or intellectual property agreements.
The design of Gootloader shows its goal is intelligence gathering. Besides being good at intel gathering, it also effectively delivers malicious and corrupted payloads like cobalt strikes. Each activity of Gootloader draws power from social engineering, SEO poisoning, and payload designing. The tactic of luring professionals to corrupt websites by offering free business agreement templates is highly effective, especially for accounting employees or business owners, as they often need to create business documents.
Protect your organization from cyberattacks by ensuring employee awareness and vigilance around cybersecurity. Recommend using only trusted sites and include it as part of your cyber hygiene and protocols. Also, train your employees to check the content before downloading it from a website. Cyberattacks are imminent, and cybersecurity for accountants is a must.
For an in-depth understanding of Gootloader or to ensure your accounting system's infrastructure and applications are secure, get in touch with Packetlabs’ cybersecurity experts.