DocuSign Spoof Emails – detect and prevent secure document phishing attacks

DocuSign have admitted they were the victim of a data breach that has led to massive phishing attacks using the compromised DocuSign user data. Secure document phishing attacks are some of the latest in client endpoint exploits that to the unsuspecting user can have serious repercussions. This latest hack resulted in a 3rd party gaining unauthorised access to a list of email addresses stored on an unsecured DocuSign platform – other than this no private user account data was accessed, however this has resulted in a significant volume of ‘spoof’ DocuSign emails being sent to these users in an attempt to trick recipients into opening an attached Word or PDF document that, when clicked, installs malicious software.

The attackers hit a “non-core system that allows us to communicate service-related announcements to users via email”, the company said in a blog post on the incident.

DocuSign have released the following helpful guidance:

What should I do if I receive a suspicious email?

First and foremost, if you don’t recognise the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code.

If you think that you have received a fraudulent email, please forward the email to spam@docusign.com, then delete the email.

Please check out the DocuSign Trust Center for the most up-to-date information about personal security and review our whitepaper on phishing.

If there is a security code…

  • Access your documents directly from www.docusign.com, click Access Documents then enter the unique security code.

If there is NO security code…

  • DO NOT click on links or open attachments within the email. This is not a valid DocuSign email and it should be sent to our security team immediately at spam@docusign.com

IMPORTANT: If you did click on a link and provided your DocuSign credentials, please be sure to change your password immediately to ensure the security of your account.

Please update and run antivirus immediately to ensure the security of your system or contact your IT support provider for immediate assistance.

Draytek Security Notification – DNS Web Interface Attacks

Users of Draytek routers are vulnerable to a Zero-Day attack unless updating to the latest firmware release which addresses the security flaw. DrayTek announced that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.

Clients using Draytek routers should get in contact to arrange firmware updates on their equipment – clients on our managed IT service contracts have already had these firmware updates applied and need take no further actions.

Further information can be found at www.draytek.co.uk

When the chips are down…. Intel processor security flaws – what you need to know!



F**CKWIT, aka KAISER, aka KPTI, Meltdown & Spectre – Intel CPU flaw needs low-level OS patches.

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to resolve the chip-level security bug. Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel hardware and the only was to fix it is at the Operating System level – or worst case to be totally sure you can go buy a new processor without the design fault.

Microsoft have already released an update which will automatically be applied to Windows 10 machines. For users running any other Operating System we recommend you manually check and apply any pending system updates to ensure you are protected. Antivirus providers are also reacting by releasing software updates to combat any potential risks from the newly discovered flaw.

If you run Sophos (our recommended security software) then you are already protected as updates were released on January 5th. You can read more here – https://community.sophos.com/kb/en-us/128053

Ransomware cyber-attack threat escalating – customer guidance for WannaCrypt attacks.

There have recently been a huge increase in ransomware and cryptolocker attacks. This is rapidly becoming one of the most significant threats to UK organisations.

Friday’s high profile cyber-attack has affected more than 200,000 victims in 150 countries as of Sunday PM 14/05/17.

It is imperative if you are running an affected system that you apply the latest security patch from Microsoft as there are reports of a new version of the ransomware already in circulation.

Microsoft have released guidance for those that may be affected.

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010. Customers running Windows 10 are not affected by this attack and need take no action.

 

Three easy things you can do to protect yourself online:

1, Install security patches – keeping your operating system up to date with the latest security hot-fixes and patches is one of the most effective ways to stay safe online.  Automatic updates are enabled by default on the latest Microsoft operating systems.

2, Don’t open unexpected attachments – if you don’t expect to receive an attachment don’t open it. Also do not click on links from within an email. Instead type the website address manually into your web browser if you are unsure.

3, Update to the latest operating system – running older operating systems such as Windows XP means you are more vulnerable to these sorts of attacks. Upgrade where possible to the latest operating system for the most secure experience.

As a silver Sophos partner we have the expertise and experience to plan, deploy and manage your security solution. To find out how boxportable can help secure your business contact us today or to find out more about our recommended security solutions click here.