Ropemaker allows attacker to change mail after delivery

Turn of a new threat via email. This is ROPEMAKER, which allows attackers to change the mail once it has been delivered. The operation is as follows. An attacker sends an email in HTML format, but instead of using the CSS embedded in the code, he uses a CSS file loaded from his server.

ROPEMAKER allows the attacker to modify the mail after delivery

The idea is to send an email that is not dangerous and that the attacker will be able to modify later. In order to be able to attack the user in question. Since the first email will pass all security controls without problems.

ROPEMAKER: Threat in email

The first email passes all security controls. And it also happens with the second, since the changes that are introduced are not detected. This occurs because the security systems do not control a message that is in the inbox again, but they analyze the new messages that arrive in it.

These are invisible attacks for email scanners. Although, for this type of attack they use the Matrix exploit, which stands out for its large size. So it would be possible to configure some email security products to detect it.

Although security experts want to reassure users. These types of attacks with ROPEMAKER are not common. Only a few have been detected. Although it is a threat that exists, it is not something that seems to happen or happens very often. The recommendation is to keep the equipment updated, especially all your security systems. In order to avoid problems such as those that ROPEMAKER can cause us.