A long list of malware plagues the cybersecurity world, and a handful of them have caused quite a furor. The recent WannaCry attacks are still fresh in users’ memory. Now a new attack technique joins that list, dubbed ROPEMAKER, short for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky. Unlike WannaCry, ROPEMAKER is not malware that runs on the victim’s machine; it is a way of abusing how email clients render HTML messages.
Using the ROPEMAKER technique, a malicious actor can change the displayed content of an email at will, after it has been delivered. For example, the attacker could swap a benign URL for a malicious one in a message already sitting in your inbox, turn plain text into a malicious link, or edit any text in the body of the email whenever they choose. None of this requires direct access to the inbox, because the stored message itself is never modified; only what the client displays changes.
What is ROPEMAKER?
ROPEMAKER is a consequence of the convergence of email and web technologies, specifically Cascading Style Sheets (CSS) used together with HTML. Combining the two has certainly produced visually attractive, dynamic messages that plain-text email lacked. However, the same feature opens a crack in the security of email: if a client fetches and honors a stylesheet hosted on a remote server every time the message is opened, the sender keeps control over how the delivered message renders. That is the vector ROPEMAKER exploits, and it is why the word "remotely" appears in its name.
This remote control gives anyone with malicious intent an easy way to steer unsuspecting users to attacker-controlled websites. Worse, it amounts to a security bypass: the malicious link does not exist at the moment the message passes through email security controls, so a gateway or filter that inspected the message at delivery time has nothing to object to. With such a flaw within a hacker’s reach, the consequences of exploitation could be serious.
How to mitigate?
Well, as of now, the organizations involved have declined to treat ROPEMAKER as a vulnerability. MITRE Corporation, which assigns CVE identifiers to vulnerabilities, has not assigned one to it. To make matters worse, even the large companies that offer email clients have refused to see ROPEMAKER for what it is: a security weakness. With that mindset prevalent, there are no fixes or patches available to users, and the latest cybersecurity news about the technique is not encouraging either. This is not to say that organizations and vendors are not working behind the scenes on a fix; it just means that they are not willing to accept it as a flaw publicly. Until that changes, the practical defenses are on the receiving side: configure mail clients not to load remote content, read suspicious mail as plain text, and have the mail gateway strip external stylesheet references from HTML messages so that a message can no longer be restyled after it has been delivered.
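The following Python is an added illustration, not code from this article or from the researchers who reported ROPEMAKER, and it covers both the mechanism described under "What is ROPEMAKER?" and the gateway-side mitigation mentioned above. It builds a constructed HTML message carrying two visually identical links and a stylesheet fetched from a sender-controlled server, applies two versions of that stylesheet with a deliberately minimal CSS evaluator (id selectors and display:none only; a real client evaluates the full cascade) to show which link the recipient would see before and after the attacker flips the CSS, and then strips every external stylesheet reference so the rendering is frozen at delivery. All hostnames, element ids and stylesheet contents are assumptions made up for the example.

```python
import re
from html.parser import HTMLParser

# Constructed HTML email body (illustrative, not taken from the article). It carries two
# identical-looking links and pulls its stylesheet from a server the sender controls.
EMAIL_HTML = """<html><head>
<link rel="stylesheet" href="https://attacker.example/mail.css">
</head><body>
<p>Please confirm your account:</p>
<a id="safe" href="https://bank.example/confirm">Confirm account</a>
<a id="evil" href="https://bank-login.example.net/confirm">Confirm account</a>
</body></html>"""

# Two versions of the remote stylesheet (constructed). The first is served while the
# mail is scanned and delivered; the second is served later. The stored message never changes.
CSS_AT_DELIVERY = "#safe { display: inline; } #evil { display: none; }"
CSS_AFTER_SWAP = "#safe { display: none; } #evil { display: inline; }"


class _MailParser(HTMLParser):
    """Collects anchors (id, href), <link rel=stylesheet> hrefs and inline <style> text."""

    def __init__(self):
        super().__init__()
        self.anchors = []      # (id, href)
        self.stylesheets = []  # href of every <link rel="stylesheet">
        self.style_text = ""   # concatenated contents of <style> blocks
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.anchors.append((a.get("id", ""), a["href"]))
        elif tag == "link" and (a.get("rel") or "").lower() == "stylesheet" and a.get("href"):
            self.stylesheets.append(a["href"])
        elif tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.style_text += data


def hidden_ids(css):
    """Ids hidden with display:none. Toy evaluator: id selectors only, no cascade."""
    hidden = set()
    for sel, body in re.findall(r"#([\w-]+)\s*\{([^}]*)\}", css):
        if re.search(r"display\s*:\s*none", body):
            hidden.add(sel)
    return hidden


def visible_links(html, css):
    """Hrefs the recipient would actually see once the given stylesheet is applied."""
    p = _MailParser()
    p.feed(html)
    hidden = hidden_ids(css)
    return [href for id_, href in p.anchors if id_ not in hidden]


def remote_stylesheets(html):
    """External stylesheet references: <link rel=stylesheet> plus @import inside <style>."""
    p = _MailParser()
    p.feed(html)
    imports = re.findall(r"@import\s+(?:url\()?['\"]?([^'\")\s;]+)", p.style_text)
    return p.stylesheets + imports


def sanitize(html):
    """Gateway-side mitigation: drop every external stylesheet reference so the message
    cannot be restyled after delivery. Returns (cleaned_html, removed_references)."""
    removed = remote_stylesheets(html)
    cleaned = re.sub(r"<link\b[^>]*rel\s*=\s*['\"]?stylesheet['\"]?[^>]*>", "", html, flags=re.I)
    cleaned = re.sub(r"@import\s+[^;]+;", "", cleaned, flags=re.I)
    return cleaned, removed


if __name__ == "__main__":
    print("at delivery :", visible_links(EMAIL_HTML, CSS_AT_DELIVERY))
    print("after swap  :", visible_links(EMAIL_HTML, CSS_AFTER_SWAP))
    clean, removed = sanitize(EMAIL_HTML)
    print("stripped    :", removed, "-> remaining:", remote_stylesheets(clean))
```

The point of the two stylesheet versions is that a filter inspecting the message at delivery time sees the benign link as the visible one; the attacker changes nothing in the mailbox and merely serves different CSS later. Stripping remote references at the gateway (or disabling remote content in the client) removes that lever; in production use a maintained HTML sanitizer rather than the regexes shown here, since they only cover the two reference forms demonstrated.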