BreachExchange mailing list archives
Phishing attack targets DocuSign and SharePoint users
From: Sophia Kingsbury <sophia.kingsbury () riskbasedsecurity com>
Date: Tue, 6 Jul 2021 15:45:35 -0400
https://www.scmagazine.com/home/security-news/phishing-attack-targets-docusign-and-sharepoint-users/ Researchers reported on Friday that cybercriminals are mimicking legitimate correspondence to actively target popular cloud applications DocuSign and SharePoint in phishing attacks designed to steal user log-in credentials. In a blog by the Bitdefender Antispam Lab, the researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document. For example, the email will ask the user to review a “Covid 19 relief fund as approved by the board of directors.” The Bitdefender team said the phishing attack was spotted on June 24 and appears to have originated from the United States. The researchers said 33% of the fake emails reached users in the United States; 26% in Ireland; 14% in Korea; 12% in Sweden; 5% in Denmark; and 1% in Finland, the U.K., and India. While there are no foolproof controls, A.J. King, chief information security officer at BreachQuest, said tops on the list for preventing these attacks include secure email gateways, multi-factor authentication and domain-based message authentication, reporting and conformance (DMARC). King added that all those controls will fail from time to time, so security teams need to invest in security awareness training so users can quickly recognize the signs of a phish. He also said companies should install a “Report Phish” button into the company’s email client so users can easily report a questionable email. Security teams can integrate the “button” with the company’s secure email gateway solution so it can do sandbox analysis of the email, automated blocking and removal from the rest of the environment if determined malicious, and notification to the corporate security team. “Companies should also have a security operations team, properly equipped to monitor logs for alerts around impossible geographical travel, log-ins from a new location, or suspicious user activity,” King said. “They can quickly take emergency action to revoke compromised users credentials, reset tokens, and look for signs of further compromise.”
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Phishing attack targets DocuSign and SharePoint users Sophia Kingsbury (Jul 07)