Within the past week, Blackpoint Cyber’s 24/7 Security Operations Center (SOC) has observed an alarming uptick (200+% increase) in cyber attacks targeting accounting firms. According to our VP of Threat Operations, Xavier Salinas, accounting firms have been the most attacked vertical in our SOC since February. We don’t believe this is a coincidence, as it is US tax season.
Our analysis indicates that ransomware operators are primarily exploiting VPN vulnerabilities in accounting firms faster than MSPs can successfully patch them. For example, if an MSP has 200 customers with a vulnerable VPN or firewall and can realistically patch 20 customers a day, it will take up to two weeks to address all vulnerabilities. This patching backlog leaves a window of opportunity for attackers.
Unfortunately, we continue to see next-gen A/V and EDR technologies failing to identify the initial indicators of compromise in these attacks. Luckily, our SOC is detecting and stopping these attacks using our patented SNAP-Defense technology, which closely monitors lateral spread and unusual activity by legitimate accounts, especially privileged ones.