Over the past five months, there has been an increase in reports of these malicious campaigns, and discussions about fraudulent activities have surged on DocuSign's community forums. These reports reveal a concerning trend in which the threat actors are not only impersonating legitimate companies but are also infiltrating official communication channels to carry out these schemes. The discussions in DocuSign's community forums indicate that these incidents are not isolated, manual attacks; rather, they appear to be systematic operations that require automation. Using resources like the Envelopes: create API, a threat actor can send out large volumes of fraudulent invoices with minimal manual intervention.
Recommendations
- Avoid clicking links, responding to, or otherwise acting on unsolicited emails.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Keep systems up to date and apply patches after appropriate testing.
- Implement cybersecurity best practices to reduce risk and increase resiliency to cyber threats.
- Utilize monitoring and detection solutions to identify suspicious login attempts and user behavior.
- Conduct continuous monitoring and threat hunting. Ingest techniques found in the Wallarm article into endpoint security solutions.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- Report phishing and other malicious cyber activity to the FBI's IC3 and the NJCCIC.
