DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.
References: DocuSign Data Breach Led to Targeted Email Malware Campaign | DocuSign Admits Hackers Accessed its Customer Email Database, Sent Out Malware | DocuSign Admits Data Breach That Led to Recent Spam
On May 12, a ransomware attack swept the globe by force, infecting 230,000 computers across more than 150 countries. The ransomware, called WannaCry, targeted businesses running outdated Windows machines. It leveraged an exploit -- a tool designed to take advantage of a security hole -- leaked in a batch of hacking tools believed to belong to the NSA.
Although Microsoft released a patch to fix the exploit in March, which could have easily prevented the attack, many major firms like healthcare and telecom organizations are running on old, outdated technology that no longer receives software updates.
References: Why WannaCry Ransomware Took Down So Many Businesses | WannaCry Ransomware Wasn't The First Malware Using Stolen NSA Exploit | How To Protect Yourself From The Global WanaCry Ransomware Attack
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.