Phishing is an email or SMS from an imposter pretending to be from a legitimate brand to induce people to hand over private information, passwords, and financial card details. It remains a highly effective attack formula.
IKEA is handling a vector attack in which hackers are using reply-chain emails to spread dangerous malware via seemingly reliable emails from workers and business associates.
The hackers have been able to access genuine company emails, which they are using to send phishing emails to IKEA staff.
These emails contain clickable links which install malware on staff devices. Employees have been cautioned to look out for malware that seems similar or identical to genuine Microsoft Office.
The Attack and How It Is Spreading
IKEA has made employees aware that its systems are under attack from cybercriminals, and some of their internal emails and those of their affiliates have been stolen.
These legitimate emails are the core of the cyberattack, and employees are being urged to be vigilant.
As per the internal memo issued by IKEA, the cyberattack could arrive as an email that appears to come from a colleague or a business associate, or as a continuation of an existing conversation, making it hard to pin down.
In the memo, which has since gone viral, the IKEA team further informed its workforce that the phishing URLs in the reply-chain emails had seven numbers at the end, and that staff should notify the IT department immediately if they came across such URLs or had interacted with them.
Due to the cyberattack design, IKEA has temporarily deactivated its emailing system to sort out the issue.
IKEA restated that its systems are capable of filtering out spam and quarantining suspicious emails. However, unaware staff who check their inbox may think the quarantine is an error and unspam the message because it looks like an email sent by a colleague.
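The memo's indicator can be turned into a quarantine-triage check. The following is an added example, not code from IKEA's memo or the original article: it parses a constructed sample email, flags URLs ending in exactly seven digits, and marks the message for escalation when it is also part of a reply chain. The function names, the `example.test` addresses, and the use of the `In-Reply-To` and `References` headers to detect a reply are assumptions.

```python
import re
from email import message_from_string, policy

# Constructed sample: a reply in an existing thread carrying a link that
# ends in seven digits (example.test is a reserved placeholder domain).
SAMPLE_EML = """\
From: colleague@example.test
To: staff@example.test
Subject: RE: Q4 delivery schedule
In-Reply-To: <thread-123@example.test>
References: <thread-123@example.test>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Please see the updated document:
https://files.example.test/docs/report/4821337
Earlier invoice: https://files.example.test/invoice/2021.

> On Mon, a colleague wrote:
> Can you send the schedule?
"""

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
# Exactly seven digits at the end of the URL, not part of a longer digit run.
SEVEN_DIGITS_RE = re.compile(r"(?<!\d)\d{7}/?$")


def extract_urls(msg):
    """Collect URLs from every text/plain and text/html part of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                urls.append(url.rstrip(".,;:!?"))  # drop sentence punctuation
    return urls


def triage(raw_eml):
    """Return reply-chain status and the URLs matching the memo's indicator."""
    msg = message_from_string(raw_eml, policy=policy.default)
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    flagged = [u for u in extract_urls(msg) if SEVEN_DIGITS_RE.search(u)]
    return {"is_reply": is_reply, "flagged_urls": flagged,
            "escalate": is_reply and bool(flagged)}


if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```

A message with `escalate` set is a candidate for holding in quarantine pending IT review rather than being released by the recipient.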
How Vector Attacks Work
Now and then, companies like Google and Microsoft publish bulletins on vulnerabilities in their software and release patches to fix them. The bulletins detail the severity of the vulnerabilities and the access hackers could exploit.
Microsoft released patches for its vulnerabilities earlier this year, in March.
Cybercriminals took advantage of these vulnerabilities to enter Microsoft Exchange servers and initiate phishing attacks.
Using ProxyShell, cybercriminals gain arbitrary code execution: the capacity to run any instructions or software they want.
It is also possible for cybercriminals to execute code on the target server using ProxyLogon from anywhere, provided there is internet access.
They then use the compromised emails to spread malware and steal company data.
Cyberattack Intended to Install Viruses
According to BleepingComputer, the attack against IKEA is based on the URLs shared in the redacted phishing email.
When a browser visits these URLs, it is rerouted to a download web page to retrieve a zipped file with a malicious Excel file. The recipient is asked to click the corresponding buttons on the attachment’s toolbar to view and edit content.
When these buttons are pressed, malicious macros are automatically triggered to download and save some OCX files on the computer from a remote website.
These ransomware files are then modified, and they are used to install the viruses using a specific command.
BleepingComputer reports that malware campaigns employing this strategy have been observed to install the Qbot trojan, also known as Quakbot, and/or Emotet ransomware on victims' computers.
The Qbot and Emotet computer viruses can infiltrate a network and propagate ransomware if the network is not adequately protected. Cybercriminals can easily attack systems through weak, easily accessible passwords, passwords replicated across various platforms, passwords exposed online, and phishing.
IKEA’s View On the Cyberattack
Because this malware is very serious, and given the probability that its Microsoft Exchange servers were infiltrated, IKEA is treating this security incident as a significant cyberattack with the potential for a considerably more devastating impact.
IKEA Is Resolving The Issue
The IKEA team, however, is resolving this issue to the best of their ability.
Source: HackerCombat