Frequently Asked Questions

Product Information & Features

What is IONIX and what does it do?

IONIX is an External Exposure Management platform designed to help organizations identify exposed assets and validate exploitable vulnerabilities from an attacker's perspective. It enables security teams to prioritize critical remediation activities by cutting through the flood of alerts. Key features include complete attack surface visibility, identification of potential exposed assets, validation of exposed assets at risk, and prioritization of issues by severity and context. Learn more.

What are the main features of the IONIX platform?

IONIX offers Attack Surface Discovery, Risk Assessment, Risk Prioritization, and Risk Remediation. The platform highlights include discovering all that matters, monitoring your changing attack surface, and ensuring more assets with less noise. For more details, visit Attack Surface Discovery.

How does IONIX help protect against email hijacking and digital supply chain attacks?

IONIX proactively identifies and mitigates risks posed by assets vulnerable to hijacking, including email servers and third-party infrastructure. By providing visibility into your organization's attack surface, IONIX helps track down risky first- and third-party assets and supports mitigation strategies such as hardening email infrastructure and implementing phishing-resistant MFA. Read more.

What are the most common digital supply chain attacks?

The most common digital supply chain attacks include Magecart (web skimming malware targeting eCommerce sites), Asset Hijacking (exploiting infrastructure vulnerabilities to host malicious content), Mail Hijacking (compromising email servers to send phishing emails and steal information), and Nameserver Hijacking (taking over DNS servers to redirect traffic and intercept data).

What is mail hijacking and how does it work?

Mail hijacking is the abuse of a compromised email server or service to further attack other victims. It often occurs when first-party email servers are compromised or when an account on shared third-party infrastructure is hijacked via credential harvesting or phishing. Attackers use hijacked assets to conduct phishing attacks, bypass spam filtering, read sensitive emails, and conduct credible social engineering. Learn more.

What are examples of mail hijacking?

Examples include attackers using third-party email services like Mailgun and Sendgrid to send phishing emails, and Business Email Compromise (BEC) attacks where fake invoices are sent from hijacked legitimate email accounts. Notable incidents include the hijacking of Chipotle’s marketing email via Mailgun and a sophisticated financial fraud campaign uncovered by Microsoft in 2022. Read about Chipotle | Read about Microsoft case.

How can organizations mitigate the risk of mail hijacking?

Organizations can mitigate mail hijacking by setting up and auditing SPF, DKIM, and DMARC headers for email security, promptly patching self-hosted email servers, and implementing phishing-resistant MFA (such as FIDO authentication with physical tokens or virtual passkeys). Locking down email-related services and infrastructure is paramount. SPF/DKIM/DMARC guidance | Phishing-resistant MFA.

What is a digital supply chain attack?

A digital supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system using the trusted access extended to your partners or providers. This can compromise downstream components and expose sensitive data or systems. Learn more.

What challenges does the digital supply chain face?

The digital supply chain faces challenges such as over-reliance on third-party libraries and infrastructure without adequate oversight or security checks, leading to vulnerabilities. Any compromised component can affect all downstream systems, making the supply chain only as secure as its weakest link.

What is the impact of email hijacking on the digital supply chain?

Email is a critical aspect of the digital supply chain. Knowing where and what your organization uses to send emails can help track down vulnerabilities. Compromised email infrastructure can lead to financial fraud, data breaches, and loss of trust. Read more.

Where can I learn more about the hidden dangers in the digital supply chain?

To learn more about the hidden dangers in your digital supply chain, watch The Hidden Dangers in Your Digital Supply Chain video.

Security, Compliance & Integrations

What security and compliance certifications does IONIX have?

IONIX is SOC2 compliant and supports companies with their NIS-2 and DORA compliance, ensuring robust security measures and regulatory alignment.

What integrations does IONIX support?

IONIX integrates with tools like Jira, ServiceNow, Slack, Splunk, Microsoft Sentinel, Palo Alto Cortex/Demisto, and AWS services such as AWS Control Tower, AWS PrivateLink, and Pre-trained Amazon SageMaker Models. For more details, visit IONIX Integrations.

Does IONIX offer an API?

Yes, IONIX has an API that supports integrations with major platforms like Jira, ServiceNow, Splunk, Cortex XSOAR, and more. For more details, visit IONIX Integrations.

Use Cases, Pain Points & Customer Success

What problems does IONIX solve for its customers?

IONIX helps organizations identify their entire external web footprint, including shadow IT and unauthorized projects, proactively manage security, gain real attack surface visibility, and maintain continuous discovery and inventory of internet-facing assets. These capabilities address challenges caused by cloud migrations, mergers, digital transformation, fragmented IT environments, and lack of attacker-perspective visibility.

Who can benefit from using IONIX?

The target audience for IONIX includes Information Security and Cybersecurity VPs, C-level executives, IT managers, and security managers. It is tailored for organizations across industries, including Fortune 500 companies.

What industries are represented in IONIX's case studies?

Industries represented in IONIX's case studies include Insurance and Financial Services, Energy, Critical Infrastructure, IT and Technology, and Healthcare.

Can you share specific customer success stories using IONIX?

Yes, IONIX highlights several customer success stories, such as:

What business impact can customers expect from using IONIX?

Customers can expect improved risk management, operational efficiency, cost savings, and enhanced security posture. IONIX enables visualization and prioritization of hundreds of attack surface threats, actionable insights, and one-click workflows to streamline security operations. For more details, visit this page.

Implementation, Support & Training

How long does it take to implement IONIX and how easy is it to start?

Getting started with IONIX is simple and efficient. The initial deployment takes about a week and requires only one person to implement and scan the entire network. Customers have access to onboarding resources like guides, tutorials, webinars, and a dedicated Technical Support Team. Learn more.

What training and technical support is available for IONIX customers?

IONIX offers streamlined onboarding resources such as guides, tutorials, webinars, and a dedicated Technical Support Team to assist customers during the implementation process. For more details, visit this page.

What customer service or support is available after purchasing IONIX?

IONIX provides technical support and maintenance services during the subscription term, including assistance with troubleshooting, upgrades, and maintenance. Customers are assigned a dedicated account manager and benefit from regular review meetings to address issues and ensure smooth operation. For more details, visit this page.

Performance, Recognition & Competitive Differentiation

How is IONIX recognized in the cybersecurity industry?

IONIX earned top ratings for product innovation, security, functionality, and usability. It was named a leader in the Innovation and Product categories of the ASM Leadership Compass for completeness of product vision and a customer-oriented, cutting-edge approach to ASM. For more details, visit this page.

How does IONIX differ from other attack surface management solutions?

IONIX stands out for its ML-based 'Connective Intelligence' that finds more assets than competing products while generating fewer false positives. Its Threat Exposure Radar helps teams prioritize the most urgent and critical security issues. IONIX also offers comprehensive digital supply chain coverage and streamlined remediation with actionable insights and off-the-shelf integrations. Learn more.

What feedback have customers given about IONIX's ease of use?

Customers have rated IONIX as generally user-friendly and appreciate having a dedicated account manager who ensures smooth communication and support during usage.

Resources & Learning

Where can I find technical documentation and resources for IONIX?

Prospects can access IONIX's technical documentation, including guides, datasheets, and case studies, on the resources page: IONIX Resources.

Does IONIX have a blog and what topics does it cover?

Yes, IONIX's blog covers various topics related to cybersecurity and risk management, including exposure management, vulnerability management, and continuous threat exposure management. Read our Blog.

Who are some of the key authors contributing to IONIX's blog?

Key authors include Amit Sheps and Fara Hain.

Customer Proof & Company Information

Who are some of IONIX's customers?

Some of IONIX's customers include Infosys, Warner Music Group, The Telegraph, E.ON, Grand Canyon Education, and a Fortune 500 Insurance Company. For more details, visit IONIX Customers.

What key information should customers know about IONIX as a company?

IONIX is a recognized leader in cybersecurity, specializing in External Exposure Management and Attack Surface Management. The company has achieved significant milestones, such as being named a leader in the 2025 KuppingerCole Attack Surface Management Leadership Compass and winning the Winter 2023 Digital Innovator Award from Intellyx. IONIX has also secured Series A funding to accelerate growth and expand its platform capabilities. For more details, visit this page.

Go back to All Blog posts

Email Hijacking – Protect Yourself From Supply Chain Attack

Nethanel Gelernter
Nethanel Gelernter Co-Founder and CTO LinkedIn
May 27, 2024
Graphic of an email with a warning sign, illustrating the concept of mail hijacking as an emerging threat to digital supply chains.

What is the digital supply chain, and why is it risky?

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that your company depends on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks.

The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised. This means the whole system is only as secure as its weakest link.

Some examples of significant digital supply risks are web skimming, asset hijacking, mail hijacking and nameserver hijacking. In this article we will go into the details of mail hijacking and how compromised mail servers can be abused to obtain sensitive information and send phishing emails.

What is mail hijacking?

Mail hijacking is the abuse of a compromised email server or service to further attack other victims. It most commonly occurs when first-party email servers are compromised (such as an unpatched on-premise Outlook server), or an account on a shared third party infrastructure (such as an email service platform) is hijacked via credential harvesting or phishing. 

Attackers then abuse the hijacked asset to conduct more legitimate phishing attacks, bypass spam filtering, read sensitive emails and conduct more credible social engineering.

Examples of mail hijacking

Third-party email services

It’s becoming a more common practice for organizations to use shared cloud infrastructure with other companies to meet specific needs. Email is one of those examples: third party email sending services such as Mailgun and Sendgrid are used by many organizations.


Attackers are also following that trend and they are using third party email infrastructure to send phishing emails and hide their tracks. In one instance, Chipotle’s marketing email was hijacked via a hacked Mailgun account and used to dish out phishing emails impersonating Microsoft 365 and USAA (United Services Automobile Association) from mail.chipotle[.]com.

Business email compromise

One of the most prevalent and impactful attacks over email is BEC (Business Email Compromise), which sends legitimate-looking fake invoices to trick victims into paying a large amount of money to the attacker. The success rate of BEC largely depends on the legitimacy of the email, and there is nothing more realistic than using a hijacked mail system to deliver it straight from the trusted source.

In 2022, Microsoft uncovered a sophisticated financial fraud campaign in which attackers used a technique known as AiTM (Attacker-in-The-Middle) to bypass MFA (Multi-Factor Authentication) and compromise Office 365 email accounts. Having compromised the email account, the attackers quickly started reading emails in the inbox for sensitive information as well as legitimately sent invoices with existing third parties; then they proceed to modify the invoices with their own payment details, and use the same legitimate inbox to send the BEC email.

Diagram showing a phishing attack workflow: An attacker sends a phishing email leading to a redirector page and then an AITM phishing page. Credentials and session cookies are stolen, allowing the attacker to authenticate and send a BEC campaign from within the target network to external recipients.

To the receiver of the invoice email, nothing would have changed but the payment details; it would not end up in spam or be flagged as phishing, since the email address is real and so are the rest of the email signatures, as the email was not spoofed. By hijacking an existing, legitimate email service and account, the attackers optimized the legitimacy of the BEC campaign to external recipients.

Mitigation: locking down email

While setting up and auditing your SPF, DKIM and DMARC headers for email security can thwart attackers spoofing fake emails using your organization’s domain, those controls go out the window once the attacker has compromised the account or service you use to send legitimate email. In this case, locking down any email-related service and infrastructure is paramount. If your email sending server is self hosted infrastructure exposed to the internet, ensure that it is patched promptly. 

For locking down email accounts, implementing not just MFA, but phishing resistant MFA (such as FIDO authentication with physical tokens or virtual passkeys) is the only way to prevent the type of AiTM phishing attack used to take over mailboxes described above.

Conclusion

Email is an extremely important aspect of the digital supply chain, and knowing where and what your organization and its various departments use to send emails can help you track down risky first and third party assets. You can leverage attack surface management platforms like IONIX, which takes a proactive approach to identifying and mitigating risks posed by assets vulnerable to hijacking. To see IONIX in action, request a scan today.

WATCH A SHORT IONIX DEMO

See how easy it is to implement a CTEM program with IONIX. Find and fix exploits fast.

THE LATEST FROM IONIX

Tal Zamir
September 26, 2025
CVE-2025-20333: Authenticated RCE in Cisco ASA / FTD VPN Web Server
Learn more
Itay Paz Slavin
September 22, 2025
Exposed AI Agents in the Wild: How a Public MCP Server Let Us Peek Inside Its Host
Learn more
Tal Zamir
September 21, 2025
CVE-2025-10035 Critical Remote Code Execution in Fortra GoAnywhere MFT
Learn more