Ikea is reportedly suffering a sophisticated email attack.
Ikea is reportedly undergoing a hacking attempt on its email system that involves duping employees with fraudulent messages.
According to Bleeping Computer, Ikea has sent out internal emails warning employees that the company is experiencing a “reply-chain phishing” attack on its email system. This cyberattack technique involves unauthorized intruders intercepting legitimate emails from corporate addresses and then responding to them from other compromised corporate email accounts and/or servers with links to malware.
This type of attack can be especially difficult to detect and defend against, because the fraudulent phishing emails appear to originate from within the company. Ikea is reportedly treating the attack as a “significant” breach that could potentially lead to future hacking efforts.
“There is an ongoing cyberattack that is targeting Inter Ikea mailboxes,” Ikea said in a corporate email that Bleeping Computer posted on its site. “Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter Ikea. This means that the attack can come via email from someone that you work with, from any external organization, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious.”
Ikea did not reply to a Bleeping Computer request for comment. However, the publication said it has been able to identify the attack via URLs in fraudulent emails it has obtained. The URLs lead to infected Microsoft Excel documents that, once opened, download malicious macros which steal sensitive information from recipient devices.
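A defender-side check that follows from the two indicators above (a reply inside an existing thread, and a link to an Excel document), written here as an added example that is not code from Ikea, Bleeping Computer or any vendor quoted in the article. The sample message, the Excel extension list and the trusted-host allowlist are constructed assumptions; the check flags only replies whose body links to an Excel file on a host outside that allowlist.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample, not a real Ikea message: a reply in an existing thread
# (In-Reply-To present, quoted original below) carrying a link to a macro-
# enabled Excel file hosted outside the organisation.
SAMPLE_REPLY = """\
From: alice@partner.example
To: bob@corp.example
Subject: RE: Q4 order schedule
In-Reply-To: <thread-1@corp.example>
References: <thread-1@corp.example>
Content-Type: text/plain

Hi Bob, updated figures here: http://files.example.net/docs/schedule.xlsm

> On Monday Bob wrote:
> Can you send me the Q4 schedule?
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
EXCEL_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")          # assumed extension list
TRUSTED_HOSTS = {"corp.example", "files.corp.example"}     # assumed allowlist


def risky_excel_links(raw_message, trusted_hosts=TRUSTED_HOSTS):
    """Return the URLs in a threaded reply that point at Excel files on
    hosts outside the allowlist; an empty list means nothing to flag."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # A fresh, unthreaded message is not reply-chain abuse; only look at replies.
    if not (msg.get("In-Reply-To") or msg.get("References")):
        return []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hits = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(EXCEL_EXTS) and host not in trusted_hosts:
            hits.append(url)
    return hits
```

A hit is a reason to quarantine the message and detonate the document, not proof of compromise; a legitimate partner can also send spreadsheets from an unlisted host.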
Danny Lopez, CEO of Glasswall, told Chain Store Age this attack demonstrates the role of the human element in cybersecurity.
“In this case, it appears that an external bad actor manipulated employees with a reply-chain email - legitimate emails from a company, sent from compromised email accounts and internal servers,” said Lopez. “The solution to preventing incidents like this is twofold: training and technology. Training plays a vital role in any rounded approach to cybersecurity by arming as many users as possible to be alert to risks and follow best practices. But what if the links or attachments appear to be from someone you know and trust? The majority wouldn’t question it, especially if the message looks completely legitimate, as these Ikea emails did.”
Trevor Morgan, product manager with data security company Comforte AG, said educating employees is only one step to prevent these types of incidents.
“The entire corporation needs to adopt a culture of cybersecurity in which speed and rapidity are valued less than safety and sensible inspection of all requests for information and action,” said Morgan. “Social engineering preys on misdirection and hasty actions and responses. Put a premium on employees treating every email with healthy skepticism. And protect all sensitive enterprise data with more than just perimeter security, even if you feel that the impenetrable vault you’ve stored it all in is foolproof. Make sure that data-centric protection such as tokenization or format-preserving encryption effectively obfuscates sensitive information, in case threat actors find their way into your data ecosystem.”