Ikea: Today, in the digital and online world in which we move, the data of you, me and in general of all users regardless of condition, class or job, are worth more than gold. For this reason, there are those who live exclusively by trading with databases stolen from hundreds, thousands or millions of clients of a platform, service or company.
And if we talk about a giant like Ikea, we will talk about a gigantic database.
Cyberattacks against Ikea on the rise
According to the BleepingComputer site, IKEA “is fighting cyberattacks that target employees in internal phishing attacks using stolen reply chain emails.” A reply chain email attack is when a cybercriminal steals legitimate corporate emails and then responds to them with links to malicious documents that install malware on recipients’ devices.
As these emails in the reply chain are legitimate company emails and are often sent from compromised internal servers and email accounts, the recipients trust the email and are more likely to open the malicious documents. In internal emails seen by BleepingComputer, IKEA warns employees of a chain response cyber attack targeting internal mailboxes. These emails are also being sent from other committed IKEA organizations and business partners.
Objective: The Ikea customer database
“There is an ongoing cyber attack targeting Inter IKEA mailboxes. Other IKEA organizations, suppliers and business partners are compromised by the same attack and are spreading malicious emails to Inter IKEA people,” an email explains internal sent to IKEA employees and viewed by BleepingComputer.
“This means that the attack can come through the email of someone you work with, from any external organization, and in response to a conversation already in progress. Therefore, it is difficult to detect, so we ask that you take extreme precautions ”.
IKEA teams are warning employees that these reply chain emails contain links with seven digits at the end. Additionally, employees are told not to open emails, regardless of who sent them, and to report them immediately to the IT department. Weapons used by hackers have recently begun “to compromise internal Microsoft Exchange servers using the ProxyShell and ProxyLogin vulnerabilities to carry out phishing attacks.”
There is also a concern that recipients could release malicious phishing emails from quarantine, thinking they were caught in the filters by mistake. Because of this, they are disabling the ability for employees to release emails until the attack is resolved.