Reports of breaches and attacks continue to trickle in, along with renewed cyberattack techniques. The latest is the email reply-chain attack, which was used to launch a phishing campaign.
IKEA, a global furniture retailer, has 422 stores operating in 50 countries. Hackers targeted the furniture giant with a phishing technique called an email storm in order to steal data.
🛠️ IKEA are to launch a “full-scale investigation” after employees fell victim to an email #cyberattack. Worryingly, it is believed that other #IKEA suppliers & business partners have also been affected.
— Increase Your Skills (@IYS_GmbH) November 30, 2021
How does a reply-chain attack work?
A SentinelOne blog explains that hijacking an email reply chain begins with an email account takeover. Hackers take control of one or more email accounts through password spraying or an exposed vulnerability, then monitor email threads for an opening to push malware or a malicious link into an ongoing correspondence. Because the exchange is between known sources and participants, the malicious correspondence is rarely doubted and the malware goes undetected.
“The technique is particularly effective because a bond of trust has already been established between the recipients. The threat actor neither inserts themselves as a new correspondent nor attempts to spoof someone else’s email address. Rather, the attacker sends their malicious email from the genuine account of one of the participants,” blogs SentinelOne.
The blog explains that because the threat actor has complete access to the mail conversation, they can customize the attack to fit the content of the exchange, giving the recipient no reason to doubt its origin. As the source is trusted, the victim is most likely to click the malicious email, thereby successfully launching the phishing campaign.
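A defender-side illustration of the mechanism described above, added here as an example (it is not code from SentinelOne, IKEA or the original article): because a hijacked reply is sent from a genuine participant's account, sender checks do not help, so this heuristic instead flags replies that link to a host never seen earlier in the thread or that carry an attachment. The function names, the heuristic itself and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def link_hosts(msg):
    """Hostnames of all http(s) URLs in the message's text body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return {urlparse(u).hostname for u in URL_RE.findall(text)} - {None}

def flag_thread_anomalies(raw_messages):
    """Assumed heuristic: flag replies with attachments or link hosts new to the thread."""
    root_of = {}     # Message-ID -> Message-ID of the thread's first mail
    seen_hosts = {}  # thread root -> link hosts seen so far in that thread
    findings = []
    for raw in raw_messages:  # RFC 5322 strings, in delivery order
        msg = email.message_from_string(raw, policy=policy.default)
        mid = str(msg["Message-ID"]).strip()
        parent = str(msg["In-Reply-To"] or "").strip()
        is_reply = parent in root_of  # only judge replies to mail already seen
        root = root_of[parent] if is_reply else mid
        root_of[mid] = root
        hosts, reasons = link_hosts(msg), []
        if is_reply:
            new = hosts - seen_hosts[root]
            if new:
                reasons.append("new link host: " + ", ".join(sorted(new)))
            files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
            if files:
                reasons.append("attachment: " + ", ".join(files))
        seen_hosts.setdefault(root, set()).update(hosts)
        if reasons:
            findings.append((mid, reasons))
    return findings

# Constructed sample thread; the last reply comes from a real participant's address.
SAMPLE = [
    "From: alice@example.com\nMessage-ID: <m1@example.com>\n\n"
    "Draft is at https://docs.example.com/q4-order\n",
    "From: bob@example.com\nMessage-ID: <m2@example.com>\n"
    "In-Reply-To: <m1@example.com>\n\nReviewed https://docs.example.com/q4-order today\n",
    "From: alice@example.com\nMessage-ID: <m3@example.com>\n"
    "In-Reply-To: <m2@example.com>\n\nUpdated copy: http://files.example.net/q4-order.zip\n",
]

if __name__ == "__main__":
    print(flag_thread_anomalies(SAMPLE))
```

A flag here is a prompt for review rather than a verdict, since legitimate replies also introduce new links and files.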
The IKEA Case
The email storm, or mail reply-chain attack, was used effectively on IKEA employees. The malicious mails arrived as part of previously exchanged mail threads, so they were more likely to be viewed and clicked for further correspondence. The company claims that no customer data was captured. Not much has been shared about the security breach, and further information is awaited.
Praveen Patil Kulkarni, Country Manager – Security Risk & Governance, Micro Focus, opined, “As companies innovate with digital acceleration, the threat landscape is also evolving simultaneously. Attackers are discovering new ways of data theft to use as bait to trick their victims, reply-chain email attack being one such effort. Over 400,000 new types of malware are created every day, making it complicated for organizations to defend themselves with traditional anti-virus solutions.”
“Despite the billions of dollars spent each year on security solutions, threats still find their way into most organizations. In this scenario, CISOs must ensure layering their security solutions with threat intelligence, including conducting effective training for employees to detect phishing attempts, creation of comprehensive corporate policies to address acceptable user behavior, and deployment of enterprise-grade alternatives to the less secure consumer-focused tools. The capabilities of niche technologies like AI and analytics must be taken advantage of to strengthen the cyber resiliency quotient of the organization and ensure the adoption of a proactive approach to data protection.”
Constant security reminders, employee awareness programs and cybersecurity best practices are a few of the initiatives that organizations run to mitigate risks and prevent security incidents. But the weakest link – the human factor – continues to be a vulnerable point that can bring the entire system down. Employees are the softest, most lucrative and most frequently targeted victims of all kinds of attack. Industry experts have been emphasizing the importance of addressing the human factor, a disconcerting trend that results in more security lapses and breaches.
James Forbes-May, Vice President, Asia-Pacific, Barracuda asserted, “In the past year alone, we’ve witnessed a number of worrying trends threatening businesses in the region, including a huge 64% uptick in the number of ransomware attacks; with 81% of organizations in APAC, Europe, the Middle East, and Africa (EMEA), and the United States (U.S.) reporting having suffered at least one security breach in the last 12 months. Our research also shows that the average organization is targeted by over 700 social engineering attacks each year – and it’s not just CEOs or personnel in financial roles who are being targeted. In fact, 77% of Business Email Compromise (BEC) attacks are targeting lower-level staff across a variety of roles, and why? Because cybercriminals know that even with the strongest security strategy and safeguards in place, the weakest link is usually the human link.”