Erik Westhovens says of this cyber attack: “Where Ikea differs from the above two methods is the attack method. At Ikea, a relatively new technology is used to infect systems and gain access. This technology is called a chain reaction attack, where employees send emails, which come in response to messages. The email was apparently sent previously, so since the employee thinks it’s a response to an email that was sent previously, they are more likely to open it.
Emails contain attachments that take advantage of a previously discovered HTML leak, so that documents appear as if they were made in an older version of Word or Excel. This then causes a popup and when the user clicks enable content, the daemon is installed and the system is hacked.
However, this is easy to prevent by blocking the option. Disabling ActiveX in Office really helps with detection, and if you then use simple rules like Block LSASS abuse and run LSASS in a sandbox, you prevent the payload from granting itself elevated privileges.
Here too, discovery is your best friend and helps you take the right actions.”
Also read SentinelOne’s blog about supply chain attacks: https://www.sentinelone.com/blog/email-reply-chain-attacks-what-are-they-how-can-you-stay-safe/.
IKEA has been asked to comment via email, and as soon as there is a response we will publish it with this article.