The security world is currently shaken by the latest email exploit, which lets attackers alter the content of an email after it has been delivered to the inbox.
The exploit, named Ropemaker and discovered by security company Mimecast, allows malicious parties to completely change the content displayed in an email, for example by editing text or swapping a harmless URL for a link to malware.
The exploit rests on the attacker first sending the victim an HTML email whose CSS, the code normally used to control the presentation style of a web page, is loaded from a remote file hosted on the attacker’s server.
In the examples given by Mimecast, remote CSS is first used to switch a URL in an email message, after which a matrix of ASCII text is selectively controlled to change what is displayed. The latter would allow an attacker to edit the text of an email, adding or removing sentences and external links.
Brian Robison, senior director of security technology at Cylance, said of Ropemaker that this is not the first exploit to make malicious use of CSS on web pages. He further added that “Phishing emails have been taking advantage of this for some time, including linking to the original source to make it look more legit. Example: You get an email from your bank; the email pulls the headers and logos directly from the bank’s website; then the button is actually linked to a different site entirely”.
However, Mimecast has acknowledged that it has not yet seen Ropemaker in the wild, and further tests on the browser-based versions of Gmail, Outlook and iCloud have shown that these platforms are not susceptible to the exploit. Mimecast does claim, however, that the desktop and mobile versions of the Microsoft Outlook app, the desktop and mobile versions of Apple Mail, and Mozilla Thunderbird are all susceptible.
Many email clients parse the header tags of HTML emails, including tags that call for remote CSS files. With some additional effort, individuals or company admins could block remote CSS resources from loading. In response to a draft of this report, Apple noted that users can hide remote content in emails by navigating to Mail, Preferences, Viewing, and then unchecking “Load remote content in messages”.
Lastly, security expert Graham Cluley advised being wary of unsolicited emails from unknown contacts. He added that “[The exploit] is certainly inventive, but perhaps not quite as creative as the hard work Mimecast put in constructing the Ropemaker acronym”.