
IKEA victim of cyber attack

IKEA was the victim of a cyber attack on Monday. The furniture giant has warned employees that the company has been hit by a phishing attack that uses employee email addresses to distribute malware internally through ongoing conversations between colleagues and suppliers. BleepingComputer reports this on the basis of internal e-mails that the website has seen. IKEA confirms the attack.




The e-mails state that Inter IKEA’s internal mailboxes are being used for phishing. IKEA says other IKEA organisations, suppliers and business partners have also been affected by the attack and that further malicious emails are being sent through them to employees within Inter IKEA.

Inter IKEA is the group of companies that connects IKEA suppliers and franchisees. IKEA suspects that its Microsoft Exchange servers have been compromised.

Malware

The internal emails are used to spread malware, IKEA writes. The company emphasizes to its employees that the e-mails are sent not only via external parties, but also via legitimate internal e-mail addresses of colleagues. The emails are sent as reply-chain phishing. This means that they arrive as replies to ongoing conversations and contain malicious links with which more employees can be phished. Because the e-mails come from previously affected colleagues, whom the recipients know, it is less obvious that they are phishing.

Still running

The emails contain a link with seven digits at the end, IKEA's IT department warns. This is how the links can be recognized at the moment. The IT department calls on employees not to open the emails, not to click on the links and to contact IT immediately.

According to IKEA, this is an ongoing cyber attack, the scale of which is not yet known. The company now uses an e-mail filter to stop the e-mails. Employees cannot remove emails from quarantine until further notice, IKEA writes to employees.
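A mail filter can combine the two indicators reported above: a link ending in seven digits and a message that is a reply in an existing thread. The following is an added example, not IKEA's filter or code from BleepingComputer; it assumes "seven digits at the end" means the URL ends in exactly seven digits, and the sample messages and domains are constructed.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumption: exactly seven trailing digits, not the tail of a longer number.
SEVEN_DIGITS_RE = re.compile(r"(?<!\d)\d{7}$")

def suspicious_links(raw_message):
    """Return URLs in text/plain and text/html parts that end in seven digits."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            if SEVEN_DIGITS_RE.search(url) and url not in hits:
                hits.append(url)
    return hits

def triage(raw_message):
    """Combine the link indicator with reply-chain context."""
    msg = message_from_string(raw_message, policy=policy.default)
    links = suspicious_links(raw_message)
    return {
        "is_reply": bool(msg["In-Reply-To"] or msg["References"]),
        "links": links,
        # The sender is deliberately not trusted: the mails come from
        # legitimate internal addresses of previously affected colleagues.
        "quarantine": bool(links),
    }

# Constructed sample: a reply in a thread carrying a seven-digit link.
SAMPLE_REPLY = """\
From: colleague@example.com
To: employee@example.com
Subject: RE: Delivery schedule
In-Reply-To: <thread-1@example.com>
Content-Type: text/plain

Please see the document: https://files.example.net/docs/4815162
"""

# Constructed sample: eight digits and an ordinary link, neither matches.
SAMPLE_CLEAN = """\
From: colleague@example.com
Subject: Ticket update
Content-Type: text/plain

See https://intranet.example.com/ticket/12345678 and https://www.example.com/catalogue.
"""
```

Because the indicator is valid only "at the moment", a rule like this belongs in a short-lived quarantine policy that is revised as the campaign changes its link format.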

Internal email from IKEA IT department. © BleepingComputer


According to BleepingComputer, the links open a zip file, which in turn opens a malicious Excel file. Employees are encouraged to click a button that makes it appear that they can edit the document. In reality, a malware payload is downloaded and executed, similar to how the Emotet botnet distributes malware. That botnet recently resurfaced after, among others, the Dutch police had rendered it harmless in January.

“No customer data stolen”

In a response to Dutchitchannel, an IKEA spokesperson says that it is a phishing attack on parts of IKEA. According to her, there are no indications that customer data was stolen in the attack.

Earlier this month, electronics store Mediamarkt was the victim of a cyber attack, more specifically a ransomware attack.
