Malicious Emails Sent to Stolen DocuSign Addresses

DocuSign Inc., which provides digital signature services, reports 200 million users at more than 300,000 companies located in 188 countries.

On May 9,
the San Francisco-based firm issued an alert warning clients about a malicious email campaign that contained a link to a contaminated Word Document.

The email fraudulently appeared to be from DocuSign and was designed to trick the recipient into running macro-enabled-malware.

Another
malicious email campaign was disclosed nearly a week later under a different subject line.

A subsequent alert stated, “as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”

DocuSign said a
“complete forensic analysis” confirmed that only email addresses were accessed and not any other more sensitive data or documents.

“We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies,” the notice stated.

DocuSign advised clients to forward suspicious emails to [email protected], delete emails with
specific subject lines and ensure anti-virus software is up-to-date.

An entry Tuesday from DocuSign addressed the Microsoft Security Bulletin MS17-010 and ransomware.

“Recently we’ve seen increased concern and discussion around an exploit released by Shadow Brokers which was acknowledged by Microsoft on March 14th, 2017,” today’s notice stated. “This issue involves SMBv1 and how it handles specially crafted requests to a host impacted by this vulnerability. This exploit is also being leveraged in the WannaCrypt/WannaCry ransomware campaign which has been in the media recently.”