Docusign API Utilized in Large-Scale, Innovative Invoice Attack

Cybercriminals have been found exploiting a Docusign API in an extensive phishing campaign that sends fake invoices to corporate users. The tactic is designed to make the invoices appear authentic and to get past typical security defenses and user suspicion, which makes the campaign harder to detect. The campaign, which has been active for several months, involves attackers setting up a legitimate, paid Docusign account so that they can manipulate templates and use the API directly, as highlighted in a blog post by security firm Wallarm.

According to the researchers at Wallarm, the attackers are leveraging Docusign’s “API-friendly environment” to carry out their malicious activities. While this environment can offer benefits for businesses, it also inadvertently provides opportunities for cybercriminals to scale their operations. Specifically, the attackers are utilizing Docusign’s “Envelopes: create API” to send a high volume of automated emails directly from the platform to multiple users, using templates that mimic requests to e-sign documents from well-known brands like Norton Antivirus.

To make these fake invoices more convincing, the attackers have employed various tactics, such as providing accurate pricing for products, including expected charges like activation fees, adding wire instructions or purchase orders, and sending multiple invoices with different items. If a user e-signs the document, threat actors can exploit it to request payments from organizations outside of Docusign or forward the signed document through the platform to the finance department for compensation, ultimately committing fraud.

This type of attack is not limited to Docusign; other e-signature and document services could be vulnerable to similar abuse. Fake invoices are commonly used in financially motivated phishing scams, and Docusign, a widely used platform with over 1.5 million paying customers and 1 billion users globally, is frequently targeted by cybercriminals. An API-based attack can be particularly effective because emails sent directly from Docusign appear legitimate to email services and spam filters, which makes the messages harder to detect.

Mitigating these types of cyberattacks involves organizations implementing strict internal procedures for approving purchases and financial transactions, as well as verifying the legitimacy of senders’ email addresses. Service providers like Docusign can also play a role in preventing API abuse by understanding how APIs can be exploited in phishing attacks, conducting regular threat modeling exercises, and applying rate limits to specific API endpoints to deter attackers from scaling their operations.
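A provider-side limit on an envelope-creation endpoint could look like the following added example, which is not Docusign's or Wallarm's code. The class name, thresholds and account IDs are assumptions, and the traffic is constructed; it limits both request count and distinct recipients per sending account.

```python
from collections import defaultdict, deque

class EnvelopeSendLimiter:
    """Per-account sliding-window limits for an envelope-creation endpoint.

    Hypothetical names and thresholds; state is in-process for illustration,
    a real service would keep it in a shared store.
    """
    def __init__(self, window_s=3600, max_envelopes=50, max_recipients=100):
        self.window_s = window_s
        self.max_envelopes = max_envelopes      # requests per window
        self.max_recipients = max_recipients    # distinct addresses per window
        self._sent = defaultdict(deque)         # account -> (time, recipients)

    def check(self, account_id, recipients, now):
        """Return (allowed, reason); only allowed requests are recorded."""
        q = self._sent[account_id]
        while q and q[0][0] <= now - self.window_s:   # drop expired entries
            q.popleft()
        rcpts = frozenset(r.strip().lower() for r in recipients)
        if len(q) >= self.max_envelopes:
            return False, "envelope_rate"
        seen = set().union(*(r for _, r in q))
        if len(seen | rcpts) > self.max_recipients:
            return False, "recipient_fanout"
        q.append((now, rcpts))
        return True, "ok"

def simulate():
    """Run constructed traffic for three sender accounts; return the reasons."""
    lim = EnvelopeSendLimiter()
    team = ["a@example.com", "b@example.com", "c@example.com"]
    return {
        # Ordinary use: 5 envelopes to the same 3 people over 40 minutes.
        "ordinary": [lim.check("acct-ordinary", team, t * 600)[1]
                     for t in range(5)],
        # Automated bulk: 200 single-recipient envelopes, one every 3 seconds.
        "bulk": [lim.check("acct-bulk", [f"user{i}@example.org"], i * 3)[1]
                 for i in range(200)],
        # Few requests, wide fan-out: 20 new recipients per envelope.
        "wide": [lim.check("acct-wide",
                           [f"u{i}-{j}@example.net" for j in range(20)],
                           i * 60)[1] for i in range(10)],
    }

if __name__ == "__main__":
    for name, reasons in simulate().items():
        print(name, {r: reasons.count(r) for r in sorted(set(reasons))})
```

Counting distinct recipients as well as requests matters because a sender can stay under a request quota while still reaching many new addresses per envelope.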

As cybercriminals continue to evolve and leverage legitimate tools for malicious purposes, it is crucial for organizations to stay vigilant, educate their employees about potential threats, and implement robust security measures to protect against sophisticated attacks. By being proactive and informed, businesses can reduce the risk of falling victim to phishing scams and other fraudulent activities.
