DocuSign data breach Led to Targeted Email Malware Campaign
While we all were busy in the WannaCry ransomware menace, ii separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL, Canadas largest telecommunications company.
In a mark on its website on Tuesday, DocuSign confirmed a breach at one of its email systems when investigating the do of an increase in DocuSign-impersonating phishing emails.
A malicious third party had gained temporary access to a separate, non-core system that allows us to pass service-related announcements to users via email, DocuSign said in the announcement.
An unknown hacker or group of hackers managed to transgress one of the electronic signature technology providers email systems and steal a database containing the email addresses of DocuSign customers.
The attackers then used the stolen data to conduct an extensive phishing drive to target the DocuSigns users over the past week.
The phishing email masqueraded as documents sent from another company with the subject line Completed *company name* accounting Invoice *number* document Ready for Signature, needing a digital signature from the recipient.
The emails, sent from domains including firstname.lastname@example.org, included a downloadable Microsoft Word document, which when clicked, installs macro-enabled-malware on the victims computers.
WHAT type OF INFORMATION?
The companion said only email addresses of its customers had been accessed in the breach.
However, DocuSign assured its customers that no names, physical addresses, passwords, social security numbers, credit card information or any other information had been accessed by the attackers.
No content or any customer documents sent through DocuSigns eSignature system was accessed; and DocuSigns core eSignature service, envelopes and customer documents, and data remain secure, the companion stressed.
HOW MANY VICTIMS?
The number of victims affected by the phishing campaign has not been confirmed, but DocuSign encourages its customers to use the DocuSign trust center to assist them protect themselves and their employees from phishing attacks.
WHAT IS DOCUSIGN DOING?
In an attempt to protect its customers, DocuSign has immediately restricted unauthorized access to its system and placed further certificate controls in set to hardened the certificate of its systems.
The fellowship is also actively working with law enforcement authorities on the investigation of this matter.
WHAT SHOULD DOCUSIGN CUSTOMERS DO?
DocuSign recommended its users to delete any email with the following case line:
Completed: [domain name] wire transfer for recipient-name Document Ready for Signature
Completed: [domain name/email address] Accounting Invoice [Number] Document Ready for Signature.
If you find any suspicious email, you should forward it to the companys spam address, advised DocuSign.
Also, if the email looks like it has come from DocuSign, just doh not respond to that email or click on any link provided in the message.
Instead, access your documents directly by visiting DocuSign official website, and entering the unique security encrypt provided at the bottom of every legit DocuSign email.
The companion also informed its users that DocuSign never asks recipients to open any PDF, office document or ZIP file in an email. last but not the least, always wee-wee sure your antivirus software is up-to-date.
Source: The Hackers news (https://thehackernews.com/2017/05/DocuSign-data-breach.html)