Avanan researchers recently published a report in support of cyber security awareness month that follows several Docusign phishing campaigns. According to Avanan researchers, recent impersonation phishing attempts have switched focus from targeting or impersonating C-Suite executives towards targeting non-executive employees. Only approximately 30% of impersonated emails targeted executives, likely due to the increased attention and protection being applied to such attempts. While attacks from prior years have utilized spoofed Docusign documents and links, threat actors have moved into directly utilizing Docusign accounts in order to distribute malware via malicious documents.
So called whaling attacks, where a high-level executive is targeted or impersonated, have been a primary tactic for both APT and financially motivated threat groups. However, in support of the underlying themes of cyber security month, it’s essential to realize that any employee with access to an organization’s network or confidential information can be the subject of such an attack. Phishing attacks are often utilized to gain initial footholds that are then leveraged for more substantial access via privilege escalation and lateral movement techniques. Docusign requests will never require a user to directly enter email credentials, but instead generate a code that is sent to the user.