Security News > 2021 > November > IKEA Hit by Email Reply-Chain Cyberattack

As of Friday - as in, shopping-on-steroids Black Friday - retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads.

The phishing emails were coming from internal IKEA email addresses, as well as from the systems compromised at the company's suppliers and partners.

"There is an ongoing cyberattack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA.".

The attackers were gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads and hence boosting the chance that their targets would click on malicious links that lead to malware infection.

"Our email filters can identify some of the malicious emails and quarantine them. Due to that the email could be a reply to an ongoing conversation, it's easy to think that the email filter made a mistake and release the email from quarantine. We are therefore until further notice disabling the possibility for everyone to release emails from quarantine." -IKEA internal email to employees.

"Compromised email accounts, especially those from internal email systems with access to an organization's contact lists, can be very damaging, as internal emails are considered trusted and lack the obvious signs of phishing that we are used to looking for," he told Threatpost via email on Monday.

News URL

https://threatpost.com/ikea-email-reply-chain-attack/176625/