Ransomware

ANY.RUN Malware Sandbox Provider’s Employee Email Compromised – The Cyber Express

Incident occurred after a customer's email account had been compromised and a phishing lure was sent to an employee.

by Alan J June 21st, 2024

Share on LinkedInShare on Twitter

ANY.RUN has disclosed a recent cybersecurity incident in which one of its employees fell victim to a sophisticated phishing attack, potentially compromising sensitive information.

ANY.RUN is an online malware analysis environment that helps researchers study and simulate the creation of malware and threat processes in real time.

While the full extent of the breach is still under investigation, ANY.RUN affirmed its commitment to transparency and stated that it would provide regular updates on the incident as they work to mitigate potential damage.

ANY.RUN Employee Email Compromise

Source: X.com (@anyrun_app)

According to a post on X from the company’s official handle, the attack originated from a compromised customer account, which had been used to send a convincing phishing email to a staff member. This led to unauthorized access to the employee’s email account. Subsequently, the attacker forwarded a phishing message to contacts within the compromised email address book.

ANY.RUN stated that it had already notified data controllers of affected individuals and is working closely with them to address any concerns. They emphasized that the compromised employee did not have access to the production environment or any code base, which limits the potential scope of the breach.

ANY.RUN Response and Next Steps

Upon discovery of the incident, ANY.RUN took steps to minimize possible compromise and share details about the incident. An ongoing investigation is being done to determine the full impact of the breach and gather additional details.

While the comprehensive report, the company has assured its customers that they are taking the matter seriously. In the coming days and weeks, ANY.RUN would work to:

1. Continue their investigation and analysis of the incident
2. Provide regular updates on their progress
3. Compile a detailed report of their findings

The company acknowledges that many questions remain unanswered at this stage. However, they are committed to keeping all parties informed throughout the process. Customers appear to have viewed the effort at communication positively, highlighting it as an example of transparency around cybersecurity incident reporting and disclosure.

The incident serves as a stark reminder that even companies working in the cybersecurity industry remain a potential target for attacks. Last year, Okta, a provider of identity and access management software, had suffered a security incident in which attackers had managed to access its support incident management through the use of stolen credentials.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button