Data Breach Leads to Malicious Spam

By Sandy Bobhate

Cyber-attacks are becoming the biggest threat in today’s world. Attackers can target any individual, organization or group, and they can steal or destroy personal or company data. Recently, a San Francisco-based electronic signature vendor became a victim of a cyber-attack. Just as the world was trying to cope with the ransomware attack that shook every IT and non-IT organization throughout the globe, DocuSign encountered another form of attack: a data breach. Such attacks show how critical user awareness is and why it should be a top priority for every organization. Users should be attentive and watchful for any suspicious email or activity from a forged source and refrain from any action that could trigger the attack (clicking on the email, downloading an attachment, opening a link, etc.).

Data Breach Attack Example: DocuSign

DocuSign, an electronic signature technology provider, reported on Monday, May 15th, 2017 that an increase in malware phishing attacks targeting its customers and users over the last week was the result of a security breach in the DocuSign system. The company says the stolen data was limited to customer and user email addresses, but the effects could be severe, as it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. (Source: https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/)

How was the firm attacked?

A third party accessed a “temporary separate, non-core system,” gaining access to users’ email addresses. The malicious emails sent to those addresses used the DocuSign brand and contained an attached Word document that installs malware when opened.

“They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” reads the advisory.

DocuSign Company Statement

  • “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents, and data remain secure.”
  • The company also stated that it took immediate action to increase security and is working with law enforcement.
  • DocuSign asked users to be vigilant of links that do not match the company’s official domains, https://www.docusign.com or https://www.docusign.net.
  • DocuSign also adds that it will never ask recipients to open a PDF, Office document or ZIP file in an email.
  • Suspicious emails should be forwarded to spam@docusign.com and then deleted. If you have reasons to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting com, and entering the unique security code included at the bottom of every legitimate DocuSign email.
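
The link and attachment checks from the advisory and the company statement above, as an added example (not DocuSign's or the author's code): it flags any link whose parsed scheme and host are not one of the two official origins, and any attachment of a type DocuSign says it will never send. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Official hosts taken from the advisory quoted above.
OFFICIAL_HOSTS = {"www.docusign.com", "www.docusign.net"}
# Assumed extension list for "PDF, Office document or ZIP file".
RISKY_EXTENSIONS = (".pdf", ".doc", ".docx", ".docm", ".xls", ".xlsx",
                    ".xlsm", ".ppt", ".pptx", ".zip")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def link_is_official(url):
    """True only for https links whose parsed host is an official one."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: treat as not official
        return False
    # Compare the parsed hostname, not a string prefix, so a longer
    # hostname that merely begins with the official name is rejected.
    return parts.scheme == "https" and parts.hostname in OFFICIAL_HOSTS


def review_message(body, attachment_names=()):
    """Return a list of (reason, value) findings for one message."""
    findings = []
    for url in URL_RE.findall(body):
        if not link_is_official(url):
            findings.append(("unofficial-link", url))
    for name in attachment_names:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(("unexpected-attachment", name))
    return findings


# Constructed sample message, not taken from the real campaign.
SAMPLE_BODY = """Please review and sign your document:
https://www.docusign.com/sign/abc
http://www.docusign.com/sign/abc
https://www.docusgn.com/sign/abc
https://www.docusign.com.example.test/sign/abc
"""

if __name__ == "__main__":
    for reason, value in review_message(SAMPLE_BODY, ["Invoice.DOCX"]):
        print(reason, value)
```

A finding is a reason to report the message and open the document from the official site instead, not proof of malice on its own.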

Conclusion:

Do not download or transfer any files from an unfamiliar website or email. If an email looks suspicious, ask the relevant authority to verify that it is legitimate. Keep security updates and patches current for any software that is in use.

Security Awareness Training:

To help your workforce be aware of similar phishing activities, or to help them report these types of activities, use PhishPro. PhishPro has tools, including a plugin for Outlook and Outlook Web Access, to report any phishing activities, and as an organizational administrator you can run simulated phishing exercises to help your workforce better recognize possible phishing emails. PhishPro also has a security awareness training section to help educate your workforce about the threat of phishing attacks.