
Second Generation Cyber-Attacks

Categories Cyber Security

Email is the most common method of communication and information exchange and most people believe that, like a letter, once it is delivered, an email is immutable. However, a new email exploit turns that assumption on its head.

It is hardly surprising that cyber criminals focus their efforts on this new exploitable avenue. Imagine if a cyber criminal could remotely change, at will, the content that you see in your email. Even worse, what if a benign URL could be swapped with a malicious one, once the email has been delivered to your inbox and without direct access to your PC or email application? Now it can.

A technique exists that allows attackers to turn an apparently harmless email into a malicious one after it has already been delivered to the victim’s inbox. It was dubbed “Ropemaker” (Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky) by a security researcher at Mimecast, and an attacker can deploy it to remotely alter the content of an email after it has been sent.

The Ropemaker attack’s origin lies at the intersection of email and web technologies, more specifically cascading style sheets (CSS) used with hypertext mark-up language (HTML). These are text-based web formats used to achieve font, colour, graphics and hyperlink effects, and they are fundamental to the way information is presented on the internet today. While the use of CSS and HTML has made email more dynamic and visually attractive than its purely text-based predecessor, it has also shown that this web technology is open to exploitation.
