UPDATED 19:16 EDT / NOVEMBER 29 2021

SECURITY

IKEA targeted by attack that uses internal emails to distribute malware

Furniture giant Inter IKEA Systems B.V. has been targeted by an ongoing attack that uses internal emails to distribute malicious links and attachments.

The company warned employees of the attack on Friday, noting that the cyberattack is also affecting other IKEA organizations, suppliers and business partners. Phishing campaigns against employees are not unusual; what makes the attack on IKEA notable is that it is described as a “reply-chain phishing attack.”

In a reply-chain attack, those behind it use corporate mailboxes they have already compromised to read legitimate, ongoing internal conversations and then reply to those threads, from the compromised accounts, with messages carrying the malicious links or attachments. Because each reply comes from a genuine company account, travels through the company’s own mail infrastructure and continues a real thread, it is harder for mail filters to detect (sender-authentication checks such as SPF, DKIM and DMARC pass, since nothing about the sender is forged) and harder for employees to notice.

“This means that the attack can come via email from someone that you work with, from any external organization and as a reply to an already ongoing conversation,” IKEA warned employees. “It is therefore difficult to detect, for which we ask you to be extra cautious.”
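As an added example, not IKEA’s or SiliconANGLE’s code and not drawn from the attack itself, the following Python script shows the kind of content-based check a mail-security pipeline can run on an in-thread reply. It assumes an organisation domain of example.com and a hypothetical thread of constructed messages; the addresses, header values, file name and attachment bytes are all made up. The point it demonstrates is that because the reply comes from a genuine internal mailbox, the constructed Authentication-Results header shows SPF, DKIM and DMARC passing, so the check ignores that header and instead asks what the reply introduces that the message it answers did not: links to hosts outside the organisation and attachments of risky types.

```python
"""Content-based triage for reply-chain phishing: an added example, not IKEA's or
SiliconANGLE's code. Assumes organisation domain example.com; every address,
header value, file name and byte below is constructed."""
import email
import os
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumed organisation domain
RISKY_EXT = {".zip", ".iso", ".img", ".lnk", ".js", ".vbs", ".html", ".xlsm", ".docm"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed: the original internal thread message.
PARENT_EML = """\
From: Alice Smith <alice@example.com>
Message-ID: <thread-1@example.com>
Content-Type: text/plain; charset="utf-8"

Bob, the reconciliation sheet is on the intranet:
https://intranet.example.com/finance/q4
Can you confirm the totals by Friday?
"""

# Constructed: the attacker's reply, sent from Bob's compromised mailbox. It is a real
# in-thread reply from a real internal account, so SPF/DKIM/DMARC pass (see the header).
REPLY_EML = """\
From: Bob Jones <bob@example.com>
Message-ID: <thread-2@example.com>
In-Reply-To: <thread-1@example.com>
References: <thread-1@example.com>
Authentication-Results: mx.example.com; spf=pass dkim=pass dmarc=pass
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Totals attached, the updated sheet is here:
https://files-share-example.net/dl/q4-sheet
> Bob, the reconciliation sheet is on the intranet:
> https://intranet.example.com/finance/q4
--b1
Content-Type: application/zip; name="q4-sheet.zip"
Content-Disposition: attachment; filename="q4-sheet.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed: a harmless reply in the same thread, to check for false positives.
BENIGN_REPLY_EML = """\
From: Alice Smith <alice@example.com>
Message-ID: <thread-3@example.com>
In-Reply-To: <thread-1@example.com>
Content-Type: text/plain; charset="utf-8"

Thanks, totals confirmed.

> https://intranet.example.com/finance/q4
"""

def parse(raw):
    # Modern policy gives EmailMessage objects with iter_attachments()/get_content().
    return email.message_from_string(raw, policy=policy.default)

def sender_domain(msg):
    return parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()

def is_org_host(host, org_domain):
    host = (host or "").lower()
    return host == org_domain or host.endswith("." + org_domain)

def urls_in(msg):
    # Every URL in the text parts, quoted text included.
    found = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            found.update(URL_RE.findall(part.get_content()))
    return found

def triage_reply(parent, reply, org_domain=ORG_DOMAIN):
    """Compare an in-thread reply with the message it answers. Authentication results
    are deliberately ignored (a compromised internal account passes them); the signal
    is what the reply introduces that the parent never contained."""
    parent_id = str(parent["Message-ID"] or "").strip()
    refs = "%s %s" % (reply["In-Reply-To"] or "", reply["References"] or "")
    new_external = sorted(
        u for u in urls_in(reply) - urls_in(parent)
        if not is_org_host(urlparse(u).hostname, org_domain))
    risky = sorted(
        p.get_filename() for p in reply.iter_attachments()
        if os.path.splitext(p.get_filename() or "")[1].lower() in RISKY_EXT)
    return {
        "in_thread": bool(parent_id) and parent_id in refs,
        "sender_internal": sender_domain(reply) == org_domain,
        "new_external_urls": new_external,
        "risky_attachments": risky,
        "suspicious": bool(new_external or risky),
    }
```

Calling triage_reply(parse(PARENT_EML), parse(REPLY_EML)) flags the attacker’s reply for the new link to files-share-example.net and the .zip attachment, while the benign reply, which only quotes the intranet link already present in the parent, is not flagged. In a real pipeline the parent would be fetched by the Message-ID in In-Reply-To rather than passed in by hand, and the organisation domain and risky-extension list would come from policy rather than constants.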

IKEA has publicly confirmed the attack, telling ITPro that it has taken action to prevent damage and that a full-scale investigation is under way to resolve the issue. The company added that it has no indication that customer data has been compromised.

“Employees have been trained to look out for email from nonofficial sources,” Purandar Das, founder and president of data security platform company Sotero Inc., told SiliconANGLE. “They will by nature tend to be less concerned about an email that purportedly is sourced from a fellow employee. What is concerning is the continued evolution of these attack strategies — leveraging a weakness in the email server to launch a phishing attack. The fact that the attackers have access to the email server and the emails could lead to more nefarious activities.”

Saryu Nayyar, chief executive officer of security information and event management company Gurucul Solutions Pvt. Ltd., noted that if you get an email from someone you know, or that seems to continue an ongoing conversation, you are probably inclined to treat it as legitimate.

“No business is safe from cyberattack — whether it’s for the purpose of ransomware, business disruption, or simply for spite, even seemingly innocuous companies are facing harm,” Nayyar added. “And this attack is particularly insidious, in that it seemingly continues a pattern of normal use.”

Photo: Kgbo/Wikimedia Commons
