ANY.RUN Cyber Attack: Employee Email Address Hacked
A leading cybersecurity company has become the latest victim of a sophisticated phishing attack.
The incident, which began in late May and culminated in a large-scale email compromise on June 18, 2024, has sent shockwaves through the cybersecurity community.
(Screenshot: first unauthorized log-in)
Initial Breach: A Wolf in Sheep’s Clothing
The attack originated on May 23, when an unsuspecting ANY.RUN sales team employee received a seemingly innocuous email from a trusted client.
(Screenshot: registered PerfectData activity)
Unbeknownst to the employee, the client’s account had been compromised, and the email contained a malicious link.
In a critical misstep, the employee entered their actual login credentials and multi-factor authentication (MFA) code into a fake login form while testing the link in a sandbox environment.
This action granted the attacker initial access to the employee’s account on May 27.
Persistence and Data Exfiltration
Once inside, the attacker demonstrated remarkable persistence. They registered their mobile device for MFA, ensuring continued access to the compromised account.
Over the next 23 days, the unauthorized entity repeatedly accessed the employee’s mailbox.
On June 5, the attacker escalated their activities by installing PerfectData Software, an application that potentially allowed them to create a complete mailbox backup.
This move signaled a clear intent to exfiltrate sensitive data.
The Phishing Campaign Unfolds
The full extent of the breach became apparent on June 18, when the attacker launched a large-scale phishing campaign using the compromised employee’s account.
(Screenshot: the phishing email sent by the attacker from the compromised employee account)
Emails containing malicious links were sent to the employee’s contact list, mimicking the initial attack vector.
ANY.RUN’s response was swift. Within minutes of detecting the unauthorized activity, the company disabled the compromised account, reset affected credentials, and revoked active sessions.
However, the incident has raised serious questions about the company’s security practices.
In a statement, ANY.RUN acknowledged the breach and outlined its response actions, including short-term containment strategies and long-term plans for more robust access controls and MFA policies.
The company also emphasized that no data or system integrity was affected.
This incident is a stark reminder that even cybersecurity companies are not immune to sophisticated attacks.
It underscores the critical importance of stringent security protocols, employee training, and the need for constant vigilance in the face of evolving cyber threats.
Indicators of Compromise
IP addresses
45.61[.]169[.]4 (Sheridan, Wyoming, US)
40.83[.]133[.]199 (San Jose, California, US)
172.210[.]145[.]129 (Boydton, Virginia, US)
162.244[.]210[.]90 (Dallas, Texas, US) – the main VPS used in the attack was taken down on our request.
52.162[.]121[.]170 (Chicago, Illinois, US)
68.154[.]52[.]201 (Boydton, Virginia, US)
140.228[.]29[.]111 (Ada, Ohio, US)
52.170[.]144[.]110 (Washington, Virginia, US)
URLs
https://www.dropbox[.]com/scl/fi/vimfxi3mq0fch1u232uvp/Here-is-your-incoming-voice-mail-information_.paper?rlkey=69qgqvpkxn3mdvydkr8cgcd83&dl=0
https://batimnmlp[.]click/m/?cmFuZDE9Yldwa2IyRmFZa3hDVWc9PSZzdj1vMzY1XzNfbm9tJnJhbmQyPVJsQjJXbWRPZFZsTE1BPT0mdWlkPVVTRVIyMDA1MjAyNFVOSVFVRTA2MjQwNTIwMjQyMDI0MjAyNDA1MjAyNDA2MjQmcmFuZDM9UlRGWGFUSlNkVFJ0ZWc9PQ==N0123N[EMail]
https://www.reytorogroup[.]com/r/?cmFuZDE9YXpkcVJIbHpZa0kwVVE9PSZzdj1vMzY1XzNfbm9tJnJhbmQyPVVIb3libFEyWjA5NFNBPT0mdWlkPVVTRVIyMDA1MjAyNFVOSVFVRTA2MjQwNTIwMjQyMDI0MjAyNDA1MjAyNDA2MjQmcmFuZDM9VEdscFdFSTNVVzlzZFE9PQ==N0123N%5bEMail%5d
https://threemanshop[.]com/jsnom.js
What makes a ransomware attack eight times as costly? Compromised backups
New research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers – with overall recovery costs eight times higher than for those whose backups are not impacted.
Read more in my article on the Exponential-e blog.
Graham Cluley
US DOJ Considers Breaking Up Google Following Antitrust Case
The U.S. Department of Justice (DOJ) is contemplating a historic move to break up Alphabet Inc.’s Google following a significant antitrust ruling. This development marks one of the most aggressive antitrust actions since the attempted breakup of Microsoft two decades ago.
The decision comes after a federal judge determined that Google had unlawfully maintained a monopoly in the online search market, prompting discussions on how to address these violations.
The DOJ’s considerations include the potential divestiture of key Google assets such as the Android operating system, the Chrome web browser, and the AdWords advertising platform.
These components are integral to Google’s dominance in the tech industry, and their separation could significantly alter the company’s operations and market influence. The breakup would be the largest since AT&T’s dismantling in the 1980s, highlighting the gravity of the situation.
A rare bid to break up Alphabet’s Google is one of the options being considered by the Justice Department after a landmark court ruling found that the company monopolized the online search market, according to people with knowledge of the deliberations https://t.co/zq98sCZZN3 pic.twitter.com/uHbdn62rJv
— Bloomberg TV (@BloombergTV) August 13, 2024
The DOJ is also evaluating less drastic measures, such as forcing Google to share data with competitors and eliminating exclusive agreements that make its search engine the default on various devices. These agreements have been central to the antitrust case and are seen as a method for Google to maintain its market dominance.
Additionally, the DOJ is considering measures to prevent Google from gaining an unfair advantage in emerging sectors like artificial intelligence, according to Bloomberg.
Google has responded by announcing plans to appeal the ruling, arguing that its search engine’s success is due to its superior product quality and innovation.
The company likens its business practices to common industry strategies, such as product placement deals between cereal companies and grocery stores. Google maintains that competition is readily accessible, as users can easily switch to alternative search engines.
The ruling and potential breakup have significant implications not only for Google but also for the broader tech industry. Other major tech companies, including Apple, Amazon, and Meta, are also facing antitrust scrutiny, and the outcome of Google’s case could set a precedent for future regulatory actions.
The DOJ’s decision is expected to resonate across the industry, influencing how tech giants operate and compete in the digital marketplace.
As the DOJ prepares to propose remedies to a federal judge, the tech world watches closely. A hearing is scheduled for early September, where further actions will be deliberated, potentially reshaping the landscape of digital competition in the United States.