Hacker News recently reported that a security researcher from the security research firm, Mimecast named Francisco Ribeiro discovered a new method to exploit users email. The new exploitation method allows threat actors to turn a non-threatening email into a malicious email after it has already been delivered and opened in the victim’s email inbox. The new malicious email modification method is being called the “Ropemaker.” The name actually stands for “Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky.” Unfortunately, if the exploit is successful, the “Ropemaker” attack could allow threat actors to remotely modify content of a user’s email which was sent by the attacker itself. Thereby, switching a non-malicious URL with a malicious one within the body of the email. The exploit can still be executed even after the email has already been delivered to the recipient. The malicious email can still be delivered after going through all spam and security filters and without requiring any direct access to the recipient’s computer or email application. As a result, the exploit is capable of exposing hundreds of millions of desktop email client users to various types of intentionally malicious attacks by the simple use of email. At this time, Redport IA, LLC security researchers are making users’ aware of such a threat and there isn’t a mitigation method yet published for the new email threat. Therefore, it is up to users to be vigilant about which emails to open with embedded URL links. There is also another way for users’ to protect themselves from “Ropemaker” attacks. Users should also rely on web-based email clients like Gmail, iCloud and Outlook. These vendor based email providers are not affected by “Ropemaker” style CSS exploits, according to the security research firm Mimecast who discovered the exploit.
By Dr. Randall Sylvertooth
Reference:
http://thehackernews.com/2017/08/change-email-content.html
For more information about Redport’s information assurance and cyber
security services, visit
www.redport-ia.com,
email us at
info@redport-ia.com,
like us on
Facebook, and follow us on
Twitter@redport_ia.
Gaithersburg, MD, USA
