Security researchers recently demonstrated a new way that accounting software could be hacked, allowing unauthorized payments to be sent to cybercriminals.
The security site
They created a script that is able to make remote SQL database queries and commit financial fraud using a technique they refer to as “injection and hooking.” Unlike earlier hacking techniques, they would not need to install a piece of Trojan malware in the system that might be detected by antivirus software.
While the Mayhem script was just a proof of concept by researchers whose goal is to make accounting software more secure, it would not be surprising if the same technique were employed by the very hackers they hope to outwit.