Email is the most common method of communication and information exchange and most people believe that, like a letter, once it is delivered, an email is immutable. However, a new email exploit turns that assumption on its head.

It is hardly surprising that cyber criminals focus their efforts on this new exploitable avenue. Imagine if a cyber criminal could remotely change, at will, the content that you see in your email. Even worse, what if a benign URL could be swapped with a malicious one, once the email has been delivered to your inbox and without direct access to your PC or email application? Now it can.

A technique exists that allows attackers to turn an apparently harmless email into a malicious one after it has already been delivered to the victim’s inbox. Dubbed “Ropemaker” (Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky) by a security researcher at Mimecast, an attacker can deploy this technique to remotely alter the content of an email after it has been sent.

The Ropemaker attack’s origin lies at the intersection of email and web technologies, more specifically cascading style sheets (CSS) used with hypertext mark-up language (HTML). These are modern text file systems that are used to achieve font, colour, graphics and hyperlink effects, fundamental to the way information today is presented on the internet. While the use of CSS and HTML has made email more dynamic and visually attractive than its purely text-based predecessor, it has also revealed that this web technology is open to exploitation.

Back to Blog