Multinational furniture designer and retailer IKEA was recently hit by a malicious attack.

The ongoing assault involved threat operators targeting staff members via an internal phishing strategy that made use of stolen reply-chain messages.

Reply-chain email attacks involve threat actors stealing legitimate corporate emails before replying to them. These malicious additions typically include infected documents that have the capability to install dangerous malware on the company’s devices.

Due to the fact that reply-chain email messages are authentic emails from an enterprise and are typically sent from a compromised email account and internal server, those in receipt often trust them. This makes it far more likely that they will interact with these damaging documents and harm their company’s devices and systems.

Coping with a continuing attack

Internal emails have surfaced showing IKEA warning its employees of an ongoing phishing attack using reply-chain emails being used to target internal mailboxes. The malicious emails are being issued from email accounts of other IKEA company branches and business partners that have been compromised.

An internal advisory email explained and warned employees on the continuing threat:

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA. This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious.”

IKEA’s IT teams offered guidance to staff on how to recognise the reply-chain emails, explaining that they contained links that involved seven digits at their end. They also distributed an example email, to employees with an additional instruction not to open any such emails regardless of their sender and to report them immediately to the IT department.

Mitigating risks of a reply-chain email attack

As the messages are being transmitted from existing email chains and compromised internal servers, a higher risk exists that staff will trust the emails and not realise that they are malicious before it is too late.

Another concern for IT security is that recipients might release these malicious emails from their protective quarantine, mistakenly thinking they were captured by filters in error. As a result, they have disabled the ability for staff to release messages until the cyberattack is resolved.

Due to recent high-profile reply-chain email attacks like the strike against the Microsoft Exchange server, IKEA is exercising extreme caution. This type of attack is often just an initial stage in a far wider campaign to inflict damage and disruption on enterprises and organisations.

Phishing emails that deploy malware can lead to threat actors gaining a foothold in a company’s network. Once they have penetrated the system and achieved initial access, they can then move freely, often installing additional malware, locking firms out of their own systems, and stealing sensitive or confidential data.

Take the first steps needed to help prevent phishing emails haunt your enterprise by starting a free 14-day trial of secure our email encryption service!