Ikea fights cyberattack on company mail system

Media reports that Ikea is fighting an ongoing cyberattack on its email system by using internal phishing against employees using stolen email chains.

Such attacks are based on the fact that cybercriminals steal legitimate corporate correspondence and then integrate into existing email chains, sending victims links to malicious documents, which then install malware on recipient devices. Since such emails are legitimate emails and are usually sent on behalf of compromised accounts and internal company servers, recipients tend to trust such emails.

Bleeping Computer writes that its editors have obtained internal emails in which Ikea warns its employees about the ongoing cyberattack using email chains. Such letters come to employees both from internal mailboxes and from other hacked organizations and Ikea business partners.

Ikea fights cyberattack

An email attack can come from someone you work with, from any outside organization, or it can be a response to an ongoing conversation. Therefore, it is difficult to detect, and we ask you to be especially careful. Our email filters can detect some malicious emails and quarantine them. Since such an email can be a response to an ongoing conversation, it is easy to think that the filter has made a mistake and try to rescue the email from quarantine. Therefore, until further notice, all [employees] will be disabled from retrieving emails from quarantine.warns Ikea.

The company’s IT specialists report that such emails contain links with seven numbers at the end, and give an example of such a message. Currently, employees are generally advised not to open emails, regardless of the sender, and immediately report any suspicions to the IT department.

Cyberattack on company mail system

The publication recalls that recently, Trend Micro specialists also warned about such attacks.

Experts wrote that cybercriminals are breaking into Microsoft Exchange servers around the world in order to gain access to their messaging capabilities and send malicious emails to customers and company employees. According to them, hackers are attacking Exchange servers that are vulnerable to problems such as ProxyLogon (CVE-2021-26855) and ProxyShell (CVE-2021-34473 and CVE-2021-34523). Once they gain access to the server, they use the Powershell function to read and interact with the server’s mail storage system, and also integrate into existing conversations, sending new malicious messages to all participants.

Bleeping Computer reports that the attacks appear to be used to spread Emotet or Qbot malware, infecting which further compromises the network and ultimately leads to the deployment of ransomware.

Let me remind you that we also talked about the fact that Hacked Oxford server was used for phishing attacks on Office 365.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button