Ongoing IKEA cyberattack – comments from Netwrix

December 2021 by Dirk Schrader, Global VP of Security Research at Netwrix

As you may have seen, IKEA, the well-known home store, has been battling a cyber-attack this week in which threat actors are targeting employees with internal phishing attacks using stolen reply-all chain emails. As this attack is ongoing, with IKEA employees and servers at risk, Dirk Schrader, Global VP of Security Research at Netwrix, has made the following comments:

“Attacks abusing a company’s compromised internal email infrastructure are a security engineer’s nightmare. The security controls in place are usually not tuned for those types of attacks using emails sent from a company’s domain.

“The majority of regular users have difficulty identifying a malicious email. An external and/or unknown sender is the most obvious reason for being suspicious. When it comes to a letter from a co-worker, it is more likely that someone clicks on a malicious link or opens an infected attachment. That’s why the effectiveness of that attack method is higher.

“The main goal of the attackers is to infiltrate as many devices as possible to build the first stage of the attack. How these devices will then be used depends on other factors: their hardening and patch status, or whether a user was clicking away any security warnings following the initial step (opening an attachment or clicking on a link). The more options an attacker has, the higher the chances of achieving the final goal of gaining control over the infrastructure, exfiltrating data or encrypting files.

“Companies can defend themselves by employing the basic security principles advocated by NIST, and specifically by restricting privileges and using a Zero Trust model. Monitoring endpoints to detect any malicious changes is a control that should also be in place. After primary infiltration, the next stages in a cyber-attack will always require additional downloads of the tools for the attack to function. These downloads and file creation can be detected rapidly as they can’t be correlated with any regular user activity. Overall, companies should be aware of their sensitive data and critical elements of their infrastructure to know what to defend, as all the data cannot be equally secured.”

