Two big international firms continue to deal with the ramifications of cyber attacks.
Furniture maker Ikea and tech giant Panasonic both reported incidents late last week. According to corporate messages to employees seen by the Bleeping Computer news service, Ikea staff are getting phishing messages from the furniture company’s partners as replies to existing email conversations. Meanwhile Panasonic said some data on a file server had been accessed by a third party on November 11th. Several Japanese news services say the intrusion dates back to June.
A spokesperson for Panasonic said in a statement Tuesday to ITWorldCanada.com that “we are currently investigating whether [the incident] included personal information of employees and customers.”
And in a statement Tuesday to ITWorldCanada.com, a spokesperson for Ikea Canada said there is no indication that customers’ or business partners’ data have been compromised. “We continue to monitor to ensure that our internal defence mechanisms are sufficient,” said Lisa Huie, Ikea Canada’s public relations leader. “Actions have been taken to prevent damages and a full-scale investigation is ongoing.
“What’s been reported in media is an internal awareness message to our co-workers, informing them about an unusual increase in attacks coming from external organisations and therefore asking them to be extra cautious.
“It’s our highest priority that Ikea customers, co-workers and business partners feel certain that their data is secured and handled correctly.”
Deploying phishing emails under the guise of a legal and genuine wrapper is extremely harmful, noted Purandar Das, president and founder at Sotero, a Massachusetts-based data encryption provider. “Employees have been trained to look out for email from non-official sources. They will by nature tend to be less concerned about an email that purportedly is sourced from a fellow employee. What is concerning is the continued evolution of these attack strategies, such as leveraging a weakness in the email server to launch a phishing attack. The fact that the attackers have access to the email server and the emails could lead to more nefarious activities.”