Tuesday, May 23, 2017
Preliminary reports from forensic investigators indicated no names, physical addresses, passwords or sensitive data were stolen. DocuSign customer privacy and documents remain intact, and the company has asked users to forward suspicious emails to firstname.lastname@example.org.
Security analysts say DocuSign's use of push notifications makes the company attractive to email scammers. "The DocuSign business model relies on a DocuSign branding push via their notification emails, and that makes them and their customers more vulnerable to attacks such as this," said John Gunn, Chief Marketing Officer at VASCO Data Security International Inc. "No one is immune to the threat of attacks, but we believe that our twenty years of experience in the IT security segment is a real asset for us and our customers."
Doron Davidson, co-founder, Vice President Business Development and Customer Success at SecBI Ltd., noted the email scheme is a continuation of phishing trends designed to lure users to open malware-laden documents. "This illustrates that, time and again, cyber criminals manage to breach the trust between users and security vendors, and penetrate organizations," he said. "Even more worrying is the fact that the documents were weaponized with the Hancitor downloader. Hancitor downloads either the credential-stealing Pony, EvilPony or ZLoader malware."
Davidson said it is fortunate that DocuSign detected and contained the breach before sensitive information was exfiltrated across the company's 250,000 business accounts and 100 million end users. "We see this as another failure of prevention mechanisms and hope that many more organizations will assume a breach at one point or another and proactively seek to hunt these threats," he added.
The DocuSign security team posted the following additional recommendations on the company's website for protecting against phishing attacks:
Learning to properly detect and avoid online and email scams is the best protection against fraud, the company stated. "The Internet is a critical component to your business and to conducting business on the DocuSign Global Network," DocuSign analysts wrote. "Those committing fraud seek to take advantage of this trusted relationship for illegal purposes. DocuSign continuously monitors for such activity in order to help safeguard our customers' information, documents and data."