Companies need to review their IT security arrangements in the wake of a potentially serious spam incident that affected email servers at Scandinavian furniture giant Ikea.
That’s the warning from behavioural analysis software security specialist Tier-3’s CEO Geoff Sweeney. “Newswire reports suggest that Ikea has just closed a serious security flaw that allowed hackers and phishers full-on access to the resources of its email servers, allowing them to send bulk outbound mail from the furniture giant’s systems,” he says.
Most worrying with this security breach is that it gives sophisticated hackers an opportunity to send targeted emails containing zero day Trojans or Rootkits, he warns. The emails could then pass through almost all email and anti-spam security technology that relies on white and black listing – because they would be coming from a trusted Ikea domain.
The only way then to provide protection would be to add behavioural analysis security software, says Sweeney, which prevents both known and unknown threats.
“Ikea’s problems were caused because the contact template on the firm’s home page was inadequately secured, allowing hackers to insert alternative email addresses in a contact form. This allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea’s mail servers using a simple script,” says Sweeney.
“It is hard to believe that Ikea reportedly did not close this security hole immediately but left it open for a further 5 days after they were warned about it by Jonas Thomsen,” he adds. “Had Ikea installed behavioural analysis security software on its systems, then it could have locked down the spam email problem as soon as it had happened.”