IKEA has been in the limelight this week as the target of a creative phishing campaign. Internal company reply-chain emails are being stolen and used as a vehicle to lure employees into clicking malicious links. The links lead the victim to open an Excel document and ultimately download the hidden malware.
The familiarity of receiving email from a fellow IKEA worker creates a false sense of trust and weakens employees' defenses, making them more vulnerable to the clickbait. Business partners, suppliers and fellow employees at IKEA have all been compromised and are as likely to be the 'sender' as they are the 'receiver' of these ongoing phishing emails.
Researchers believe that the threat actors compromised internal Microsoft Exchange servers by exploiting the recent ProxyShell and ProxyLogon vulnerabilities. The server-side request forgery (SSRF) vulnerability allows threat actors to bypass authentication, gain entry to the server, and execute operations on victims' mailboxes.
IKEA has its hands full containing the damage, stemming the flow of continuous phishing attacks, and investigating the extent to which its servers have been compromised.
This unfortunate incident highlights the importance of:
- Prioritizing the immediate patching of vulnerabilities
- Planning, testing and updating your incident response plan
- Cybersecurity awareness training for your employees
The Centraleyes platform gives you a clear view of your cybersecurity posture, actionable steps to remediation, and up-to-date threat intelligence feeds. Sign up to have our Daily Intelligence Reports delivered free to your inbox and stay on top of the latest vulnerabilities and threats.