Mimecast warns against new email exploit

An attacker could switch the display of an email from using a “good” URL to presenting an “evil” URL
Matthew Gardiner, senior product marketing manager, Mimecast

Mimecast has warned against yet another email security threat, which the vendor has dubbed ROPEMAKER. Using the ROPEMAKER exploit, a malicious actor can change the displayed content of an email at will. This could potentially expose hundreds of millions of desktop email client users to security risks.

What is ROPEMAKER? The acronym stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky. (Ropemaker Street in London "coincidentally" also happens to be the street on which Mimecast has its European headquarters and where most of its threat research team is based.)

In a blog post, Matthew Gardiner, senior product marketing manager, Mimecast, writes: "Most people live under the assumption that email is immutable once delivered, like a physical letter. A new email exploit, dubbed ROPEMAKER by Mimecast's research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing."

Gardiner explains that the origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML. "While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email."

To date, Mimecast has not seen ROPEMAKER being exploited in the wild. "We have, however, shown it to work on most popular email clients and online email services," Gardiner says.

The exploit is described in more detail in a recently published security advisory. Mimecast says it has added a defense against it and also provides security recommendations to safeguard emails from this exploit.
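One check a mail gateway or analyst could apply, added here as an illustration and not Mimecast's own defense: it walks an email's HTML parts and reports every stylesheet the client would fetch from a remote host at render time, since CSS that lives on a server the sender controls is what makes post-delivery changes to the displayed content possible. The sample message and the remote-css.example host are constructed for this example.

```python
import email
import re
from email import policy

# A <link rel="stylesheet"> tag anywhere in the HTML head or body.
LINK_RE = re.compile(r'<link[^>]+rel=["\']?stylesheet["\']?[^>]*>', re.I)
# http(s) href inside such a tag (remote, as opposed to an inline <style>).
HREF_RE = re.compile(r'href=["\']?(https?://[^"\'\s>]+)', re.I)
# @import of a remote stylesheet from inside a <style> block.
IMPORT_RE = re.compile(r'@import\s+(?:url\()?["\']?(https?://[^"\')\s;]+)', re.I)


def remote_css_refs(html: str) -> list[str]:
    """Return every http(s) URL from which the HTML pulls CSS when rendered."""
    refs = []
    for tag in LINK_RE.findall(html):
        refs.extend(HREF_RE.findall(tag))
    refs.extend(IMPORT_RE.findall(html))
    return refs


def scan_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and collect remote CSS references
    from each text/html part (single-part and multipart alike)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            found.extend(remote_css_refs(part.get_content()))
    return found


# Constructed sample: an HTML-only message that loads two remote stylesheets.
SAMPLE = b"""From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><head>
<link rel="stylesheet" href="https://remote-css.example/style.css">
<style>@import url("https://remote-css.example/extra.css");</style>
</head><body><a href="https://good.example/">link</a></body></html>
"""

if __name__ == "__main__":
    for url in scan_message(SAMPLE):
        print("remote stylesheet:", url)
```

A message that only carries inline `<style>` rules without `@import` yields an empty list, which is the state a defender wants delivered mail to be in.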
