Cloud Security, Cloud Security

Novel attack used DocuSign exploits trusted cloud services

Share

An Armorblox report revealed that threat actors have launched an advanced phishing campaign leveraging DocuSign and a compromised email domain of a third party against a leading US-based integrated payments solution firm in an effort to exfiltrate Microsoft Outlook login credentials, according to Threatpost. Researchers noted that nearly 550 employees of the targeted firm were sent the same emails from "Hannah Mcdonald" that includes a link for a revised contract. Recipients clicking the link have been redirected to a DocuSign preview of an electronic document, which researchers found to be hosted on the legitimate cloud-based prototyping portal Axure, and those who have put their login credentials on the phony Microsoft single sign-in login page could have been compromised, researchers said. Meanwhile, the emails' TermBrokersInsurance domain origins helped facilitate concealment. Armorblox product marketing manager Lauryn Cash said the incident highlighted the importance of integrated cloud email security as part of an organization's collection of security tools. "Tools that leverage natural language understanding (NLU) can help stop zero-day attacks," Cash said.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.