Cyberattackers Target QuickBooks to get Access to Databases

6
Cyberattackers Target QuickBooks to get Access to Databases

According to ThreatLocker reports, the breaches begin with two types of phishing attacks to get access to QuickBooks databases. First, the attackers give a PowerShell command that operates inside the malicious email. Second, the attackers send a Word document through email. If the receiver opens the attached document, a link inside that document downloads a file onto their computer. Once the command operates, it recovers the victims most recently saved QuickBooks file location, leads to the file share or local file, and grasps it. 

Co-founder, and CEO of ThreatLocker, Danny Jenkins, said the attackers usually upload the captured files to Amazon Web Services or Google Cloud or as a brief transfer point. 

To Read More: Dark Reading