gurucul.com
192.124.249.53  Public Scan

Submitted URL: https://t.co/g21598hgUx
Effective URL: https://gurucul.com/news/ikea-fights-against-attack-using-trusted-email-senders
Submission: On December 13 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET https://gurucul.com/

<form role="search" method="get" class="ubermenu-searchform" action="https://gurucul.com/">
  <label for="ubermenu-search-field">
    <span class="ubermenu-sr-only">Search</span>
  </label>
  <input type="text" placeholder="Search..." value="" name="s" class="ubermenu-search-input ubermenu-search-input-autofocus" id="ubermenu-search-field" autocomplete="on">
  <button type="submit" class="ubermenu-search-submit">
    <i class="fas fa-search" title="Search" aria-hidden="true"></i>
    <span class="ubermenu-sr-only">Search</span>
  </button>
</form>

Text Content


IKEA FIGHTS AGAINST ATTACK USING TRUSTED EMAIL SENDERS

By Admin December 8, 2021

Grant Gross | Washingtonexaminer.com »

Giant home furnishing retailer Ikea recently faced a significant phishing attack
in which hackers compromised legitimate corporate email accounts and replied to
messages containing malicious documents.

This so-called reply-chain email attack was described as an “ongoing” attack by
an internal Ikea message, which said: “The attack can come via email from
someone that you work with, from any external organization, and as a reply to an
already ongoing conversation.”

In a statement to the Washington Examiner from Nov. 30, Ikea said it was aware
of the attack and was taking the matter seriously.

“While we have no indication that our customer’s data or business partners’ data
have been compromised, we continue to monitor to ensure that our internal
defense mechanisms are sufficient,” the statement said. “Actions have been taken
to prevent damages, and a full-scale investigation is ongoing.”

Keeping customer, employee, and business partner data secure is Ikea’s “highest
priority,” the company added.

Cybersecurity experts said these attacks could be difficult for email users to
detect because they come from trusted email senders.

“If you get an email from someone you know or that seems to continue an ongoing
conversation, you are probably inclined to treat it as legitimate,” said Saryu
Nayyar, CEO of cybersecurity vendor Gurucul. “This attack is particularly
insidious in that it seemingly continues a pattern of normal use.”

Nayyar called on organizations to educate employees frequently about attacks and
use machine learning and analytics-based cybersecurity tools to detect unusual
activities.

This attack is an example of cybercriminals getting more sophisticated, said
Nicolas Joffre, the America manager of the Threat Intelligence and Response
Center at Vade, which offers artificial intelligence-based email security.

In a typical phishing attack, an employee receives an email that “comes without
context,” making it reasonably easy to spot, he told the Washington Examiner.
But a reply-chain attack is “particularly effective because the usual warning
indicators are missing.”

With this type of attack, the hacker has gained access to an email chain and
then adds a malicious attachment or link, he said.

“They’re at an advantage here because trust has already been established between
the recipients,” Joffre said. “Attackers take their time watching conversation
threads awaiting opportunities. They also make sure they keep the same tone of
voice so the recipient doesn’t get suspicious when they read the email.”

The goal for the attackers may be to gain remote control of an infected
computer, send spam from an infected computer, investigate the company’s local
network, or steal sensitive data, he said.

Reply-chain attacks can erode trust in a company’s communication tools, added
Monica Eaton-Cardone, co-founder and chief operating officer of Chargebacks911,
a cybersecurity company focused on protecting online transactions.

“These kinds of attacks can be absolutely devastating because they destabilize
your organization during a time of crisis,” she told the Washington Examiner.
“Suddenly, you don’t think you can safely communicate with your teammates. You
no longer trust your emails and digital messages.”

When companies lack a way to communicate safely, they can’t develop a strategy
to counter the attack, she added. “You’re dead in the water.”

She noted that these types of attacks have been particularly effective during
the coronavirus pandemic, with most communication happening over the internet
instead of in person.

Companies should go beyond training and test their employees on cybersecurity
hygiene, she said.

“Cybersecurity is a never-ending game of cat and mouse, and when the cat’s
tactics change, you have to respond — or you’ll get eaten alive,” she added.
“The cybersecurity profession is always evolving, always changing — mostly
because the hackers and cyber thieves are constantly adopting new tactics.”
