The software development company Applications Software Technology LLC (AST) discovered on March 9th that an unauthorized third-party gained access to the company through an employee email account. The attacker used the email account to request W-2 information for that employee and then diverted all the information to themselves. The company has since completed full scans of their systems to identify malware and other threats that may affect their employees. Multi-Factor Authentication (MFA) has been implemented for members of HR, accounting, and the executive team and there are plans in place to make it a companywide policy. A third-party IT company has also been consulted to provide a full vulnerability assessment.
Analyst Notes
Passwords for employee accounts are frequently stolen by threat actors and used to access corporate systems or sold to other attackers on criminal forums and underground markets. Once attackers have access to employee email accounts or shared company files, there are many types of fraud or extortion that can result. All critical accounts should be protected with Multi-Factor Authentication (MFA). Companies should actively monitor security events, including remote logins and suspicious program execution on endpoints, to detect attacker activity and take quick action to respond to intrusions. It is recommended that the affected employee remain vigilant for incidents of fraud or identity theft. If any suspicious activity is detected on an account, the financial institution or company that maintains the account should be promptly notified. It is also advised to report any tax fraud or suspected incidents of identity theft to proper law enforcement authorities and the IRS.
Source: https://www.scmagazine.com/home/security-news/data-breach/california-software-developer-hit-with-w-2-scam/
