The unlimited creativity of hackers

Recently, IKEA faced a relatively new type of hacking: the email reply chain attack. If it were not criminal activity, you could say it was a clever way to infect a business with malware. In this blog, we explain how it works and what you can do to protect network and data.

Email phishing is still the most common way by cyber criminals to penetrate networks of companies and organizations. Another point is that Internet criminals are getting smarter. A relatively new technique they are using is that of the e-mail reply chain attack. This technique involves first hacking one or more e-mail account(s). Next, the hacker will monitor conversations conducted through the mail to see what opportunities there are to send malware or malicious links to the participants in the conversation. An effective way because the participants in the conversation know and trust each other and are not apprehensive about possible malware. After all, the malicious mail is “just sent” from the account of one of the participants in the conversation. And furthermore, this email has content that is consistent with the earlier conversation.

Didn’t you realize that?

You would think that users would realize soon enough that their mail account is being used. Remember, however, that the hacker has access to the account’s settings. For example, the hacker can have mails from certain recipients forwarded to another account, or cause certain mails to be placed in a separate folder. An e-mail reply chain attack is usually prepared without the characteristic language errors. And because a reply is added into an existing chain of emails and from a “trusted” sender, the risk of other employees opening the malware increases. With dire consequences.

Through the firmware

But hackers’ creativity does not end there. Also in the news in recent weeks: more than 150 models of HP printers have a bug in the firmware. Along that flaw, hackers could find out usernames and passwords of individuals who sent documents to the printer for printing. Such a password is sent along, for example, to ensure that the printer processes the document automatically and directly, without having to ask for a password first. Through personal accounts, this is how a hacker enters the system. The flaw in HP’s firmware has since been fixed, but it indicates that hackers find openings in the most ingenious ways.

What to do.

Things like awareness and a strict password policy are and will continue to be important, of course. And in addition, we always recommend having an air-gapped backup.

On behalf of all COMEX employees, Merry Christmas and a great start to the new year!