Cybersecurity researchers have discovered a new attack, in which malicious users spoof DocuSign messages to send malicious documents and phishing links.
Previously, hackers have exploited the trust users associate with DocuSign to pass around fake phishing emails, to pilfer user credentials from all major email providers.
DocuSign is an electronic signature technology used by businesses and individuals to exchange contracts, tax documents and legal materials.
- Here’s our collection of the best eSign software solutions
- Take a look at these best password managers
- We’ve also rounded up the best security keys
The threat actors behind this new wave of phishing attacks, discovered by email security vendor Avanan, are using this legitimate application to pass malicious links.
“E-signature providers such as DocuSign and Adobe Sign typically flatten uploaded document files and convert them into static .pdf files. This does help deter threats such as Macros from being embedded in the document. However, hyperlinks within a .pdf, .docx, etc., get carried on in the document and retain clickability to the end recipients after Signing execution,” explains Avanan’s Jeremy Fuchs in a blog post.
Abusing trust
Avanan explains that although DocuSign has implemented various security measures to prevent malicious documents from being hosted on its infrastructure, a trailblazing attacker could use mechanisms like steganography to override the checks and deliver “a weaponized piece of malware or ransomware.”
Furthermore, Avanan discovered that while embedding booby-trapped files does take some doing, malicious links can be added to any document without any effort or trick.
In his writeup Fuchs argues that this is a particularly effective strategy since it hosts the phishing link on DocuSign’s servers, while keeping the email clean, which helps it get past any security checks imposed by the client clients.
Fuchs notes that Avanan has shared details about this attack vector with the DocuSign information security and threat intelligence team.
- Shield yourself with these best identity theft protection services
