After VDL and Mediamarkt, Ikea has now also been hit by a cyber attack. Report this bleepingcomputer en cybersecurity specialist Erik Westhovens of Insight.
Erik Westhovens says about this cyber attack: “Where Ikea differs from the two aforementioned is the manner of the attack. At Ikea a relatively new technique is used to infect systems and gain access. This technique is called reply chain attack in which employees send emails. that come as a reply to apparently previously sent emails, so because the employee thinks it is a reply to a previously sent email, he is more likely to open it.
The e-mails contain attachments that take advantage of a previously detected HTML leak, so that the documents appear to have been drawn up in an outdated version of Word or Excel. This then gives a pop-up and when the user clicks on enable content, the demonware is installed and the system is compromised.
However, this is easy to prevent by blocking the option. Disabling activeX in Office already helps with detection and if you then use simple rules like Block LSASS abuse and run LSASS in protective mode prevents the payload from giving itself elevated privileges.
Here too, detection is your best friend and helps you to take the right measures.”
Also read SentinelOne’s blog about Supply chain attacks: https://www.sentinelone.com/blog/email-reply-chain-attacks-what-are-they-how-can-you-stay-safe/.
IKEA has been asked for comment by email, as soon as there is a response, we will post it with this article.
–
