New DocuSign Attacks Targeting Organizations Working With Government Agencies


A new wave of sophisticated phishing attacks exploiting DocuSign has emerged, specifically targeting businesses that regularly interact with state, municipal, and licensing authorities.

Cybersecurity researchers have reported a staggering 98% increase in DocuSign phishing URLs between November 8 and 14, compared to the entirety of September and October.

These attacks are particularly dangerous as they exploit the trusted relationships between businesses and regulatory bodies.

Threat actors are impersonating various government agencies, including:

  • Department of Health and Human Services
  • Maryland Department of Transportation
  • State of North Carolina’s Electronic Vendor portal
  • Cities of Milwaukee, Charlotte, and Houston
  • North Carolina Licensing Board for General Contractors

Cybersecurity analysts at SlashNext observed that the attackers use legitimate DocuSign accounts and APIs to create convincing fraudulent documents, making them difficult to detect.

These phishing attempts often involve time-sensitive requests, such as licensing renewals, change orders, or compliance issues, pressuring victims to act quickly without proper verification.


Technical Analysis

In one example, a contractor in Milwaukee might receive a notification supposedly from the city’s Department of Public Works regarding a $2.8 million project, requesting immediate approval of a $175,000 change order.

Fake DocuSign Impersonation (Source – SlashNext)

Another scenario involves a North Carolina contractor receiving an urgent request for an $85,000 “emergency compliance bond” to prevent a project shutdown.

These phishing attempts are effective because they:

  1. Utilize legitimate DocuSign infrastructure
  2. Target businesses during predictable licensing cycles
  3. Include accurate industry-specific terminology and pricing
  4. Bypass traditional email security filters

Victims face immediate financial losses from unauthorized payments and potential long-term disruptions to their operations, such as delays in contract renewals or project bids.

The uncertainty created by these attacks can stall bidding processes and jeopardize ongoing contracts.

To combat these threats, businesses should:

  1. Establish robust verification processes for sensitive communications
  2. Educate staff on recognizing phishing attempts
  3. Install the DocuSign app on mobile devices for added security

Organizations are advised to be suspicious of unexpected emails, verify sender information, and report suspicious DocuSign-themed emails to their IT/security teams.
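Because these envelopes come from genuine DocuSign accounts, sender authentication gives no signal, so a verification process has to key on content and on whether the sender is an already-verified counterparty. The following triage sketch is an added example, not code from SlashNext or DocuSign; the field names, keyword lists, threshold and sample messages are assumptions constructed for illustration.

```python
import re

# Hypothetical field names, keyword lists and threshold; tune to your own mail pipeline.
AGENCY = re.compile(r"\b(department of|city of|state of|licensing board|public works)\b", re.I)
URGENCY = re.compile(r"\b(immediate(ly)?|urgent|emergency|shutdown|final notice)\b", re.I)
PAYMENT = re.compile(r"\b(change order|bond|renewal|invoice|payment)\b", re.I)
AMOUNT = re.compile(r"\$\s?(\d[\d,]*(?:\.\d+)?)(\s*million\b)?", re.I)


def max_amount(text):
    """Largest dollar figure mentioned in the text, in dollars."""
    values = [float(num.replace(",", "")) * (1_000_000 if mil else 1)
              for num, mil in AMOUNT.findall(text)]
    return max(values, default=0.0)


def triage(msg, verified_senders, review_threshold=10_000):
    """Return (verdict, reasons) for one DocuSign-themed notification."""
    text = f"{msg['subject']}\n{msg['body']}"
    reasons = []
    if AGENCY.search(text):
        reasons.append("claims government origin")
    if URGENCY.search(text):
        reasons.append("urgency language")
    amount = max_amount(text)
    if PAYMENT.search(text) and amount >= review_threshold:
        reasons.append(f"payment context, largest amount ${amount:,.0f}")
    known = msg["envelope_sender"].lower() in verified_senders
    if not known:
        reasons.append("sender not a verified counterparty")
    # msg["auth_pass"] is ignored on purpose: envelopes sent from genuine
    # DocuSign accounts authenticate cleanly, so it carries no signal here.
    if not known and len(reasons) >= 3:
        return "hold_for_callback", reasons
    return ("review" if len(reasons) >= 2 else "deliver"), reasons


# Constructed samples; the first mirrors the Milwaukee scenario in the article.
VERIFIED = {"permits@city.example"}
SAMPLES = [
    {"subject": "Change order approval required", "auth_pass": True,
     "envelope_sender": "dpw-contracts@mail.example",
     "body": "City of Milwaukee Department of Public Works: the $2.8 million "
             "project requires immediate approval of a $175,000 change order."},
    {"subject": "Please sign: subcontractor NDA", "auth_pass": True,
     "envelope_sender": "permits@city.example",
     "body": "Please review and sign the attached agreement."},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample, VERIFIED))
```

A `hold_for_callback` verdict means the request is confirmed with the agency through a phone number or portal already on file, never through contact details in the envelope itself.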

As these attacks continue to evolve, it’s crucial for businesses, especially those working with government agencies, to remain vigilant and implement proper security measures to protect their operations and maintain regulatory compliance.
