The DocuSign Security Breach
Discuss the Digital Signature Service Occurrence.
Across the digital medium, users face many authenticity and integrity problems because of the pervasive nature of the internet. Moreover, users are forced to operate with other users who are unknown to them. As a result, users rely on third parties to authenticate their operations, a function offered by DocuSign. The company offers signature services for electronic documents, which facilitate business operations among many other functions that require user verification. In essence, users append verifiable signatures to the information they send to other users through the DocuSign portal, a feature that is encrypted with some of the best security protocols. However, this service was heavily exposed and breached in May 2017, when thousands of customer records were leaked by intruders (Ribeiro, 2014).
First, two major forms of attack were conducted. The first, whose access procedure is still unknown, was the genesis of the problem, as it exposed the data needed to conduct the second attack. In the first attack, intruders were able to access customer records from the DocuSign communication system. This information included names and contact addresses (including email). Furthermore, the intruders accessed the communication service used by the customers and the organization. This communication service sent emails to customers alerting them to the documents they needed to sign, as provided by their affiliate business partners or work members. Therefore, this communication service was the foundation of the DocuSign service. The access gained through the first breach gave the intruders the said information, which they used to send phishing emails to the customers, the second form of attack (Mann, 2017).
DocuSign dismissed the attack as having hit low-level systems which, according to them, held minimal confidential data and zero financial records or information. Moreover, the organization claims to have alerted its customers to the impending danger after realising the breach, which it also claims helped to contain the problem. However, according to security experts, the main problem in this attack was that the organization facilitated the intruders' access to customers' data and systems, which were later used to target them: a serious security violation that targeted customers through legitimate communication systems. In all, the attack was conducted in two steps. First, the attackers gained access to the company's servers, i.e. the communication system, which held both the details of communication (email addresses) and the communication facility itself. Thereafter, the intruders sent customers phishing emails in which each customer was requested to open a Word document in need of their action (signature). When clicked, this Word document directed the users to the intruders' website, where their confidential information was requested (Shu, 2017).
Phishing attacks usually target users' confidential information through duplication or replication techniques, where malware containing malicious applications or systems is sent to unsuspecting users of cyber systems. In most cases, the targeting is done using communication channels such as messaging apps and email accounts. The intruders send emails or messages to the users, who naively click on them because they are disguised as the legitimate addresses of organizations' various functions. After clicking the links, the users are sent to false accounts or systems that request the users' information. In this incident, the attack happened due to negligence, where the host organization surrendered the information owned by its customers to intruders. In fact, without the assistance given to the intruders, the attack would never have happened (Impreva, 2012).
However, the attack also happened because of the users' negligence. Although it was filled with many legitimate procedures that would have tricked any vigilant customer, the attack could have been avoided with a watchful eye. Nevertheless, verifiable accounts were used (the DocuSign communication system), which included the company's logos, communication details and procedures. Therefore, the users would only have noticed the intrusion after clicking on the phishing email, which then proceeded to ask for confidential information such as financial records. However, the organization did state that the attack was a failed attempt, as no users' financial details were acquired (Mann, 2017).
Targeting of customers through phishing attacks can only be solved by user sensitization. This solution happens to be the most effective countermeasure, as it prevents all attacks irrespective of the procedure used. Furthermore, it improves the chances of other technical solutions such as firewalls, access control and anti-malware firmware. In this first solution (sensitization), the users are familiarised with the attack procedures used by the intruders, where emails, messages and adware (pop-ups) are sent to users who click on them either intentionally or unintentionally. After clicking on the said content, they are directed to the target systems. With this knowledge, the users can be vigilant and avoid any material or link that redirects them and requests confidential information. Moreover, users should never provide information to any system unless it is completely verified (Parno, Kuo, & Perrig, 2008).
Technically, the solutions start with simple anti-malware applications that root out the phishing malware, providing the first line of defence. Today's anti-virus systems alert users when their system is compromised, especially by unverifiable links or addresses. Secondly, there are access procedures and the securing of endpoints, which in this instance should have been done by DocuSign, as they were the root of the problem. As an organization, DocuSign should re-evaluate its security procedures and policies, as they were heavily compromised to grant the intruders access. In the future, it should have multiple access control procedures to limit illegal access to its systems (Jain & Jinwala, 2015).
Phishing Attacks and User Sensitization
Ransomware is a form of malware attack that targets users' information by placing systems on lockdown unless ransom payments are made. In essence, the user cannot access their files and system, as a disruption message requesting payment is displayed on their computer screen. Intruders using this form of attack threaten to expose the said information to the public or destroy it, which, depending on the value of the content, will arguably push the user to pay the demanded amount. Similarly, the attack at hand was conducted to extort users; however, in this case, those affected came from different parts of the world, an extensive intrusion that compromised global functionalities (Emling, 2017).
According to cyber security experts, the May attack signalled the biggest cyber-attack in history, as millions of users were affected worldwide by a new and revolutionary ransomware. At the start of the intrusion, 100 countries were affected, an outcome that originated in the United States, where the country's cyber weapons were accessed by a rogue hacking team. This team gained access to a vital vulnerability in Windows systems, which propelled the attack across the world, with heavy intrusions in Russia and England (News, 2017).
Starting with Russia and England, the attack targeted different institutions and organizations, which nearly crippled the services offered by the public sector. In England, for instance, the health industry was compromised, as both employees and patients were unable to access service records through the NHS (National Health system). Employees found ransom notes across their screens requesting a $300 payment in order to access their files. Patients faced the same outcome, with some unable to access vital medical procedures, including surgeries, as their medical records were unavailable for consultation (Islaim, 2017).
However, Russia was the hardest hit, as shown by the multifaceted attacks that claimed casualties in different sectors of the country. To start with, the malware compromised the public sector by affecting several ministries of the country, including a state-owned railway company. Furthermore, the attack also took down private organizations in the banking sector. In addition, the ransomware also affected other countries such as Egypt, China and Spain, where the same outcome was experienced (Emling, 2017).
Ransomware represents a group of malware attacks that compromise a system to demand payments or resources and, like any other form of malware attack, they execute through the vulnerabilities exhibited in cyber systems. Similarly, WannaCry targeted cyber systems through the vulnerabilities exposed by Windows systems. However, unlike other common attacks, the WannaCry intrusion was fuelled by serious operational procedures developed by the National Security Agency (NSA) of the United States. The NSA is known to have several cyber weapon tools, which it stores for national security purposes. In this case, the vulnerability at hand was known as EternalBlue, and it affected Windows networking procedures through its Server Message Block, i.e. SMB. SMB is an application protocol that resides within the application layer of the TCP/IP model, where it facilitates communication between machines in networks (EMC, 2016).
Technical Countermeasures Against Phishing Attacks
SMB allows users to access files within networks, where computers read and write files through the protocol. Moreover, the same protocol enables computers to request services within networks. It is therefore through this procedure that the vulnerability at hand worked. In the attack, the vulnerability was used to access the target machines, which were remotely activated using an SMB handshake.
After the access, the payload holding the ransomware program was loaded and activated on the target machine. On activation, the program started scanning for other networks connected to the infected machine, and unsecured connections were used to spread the payload even further. It is through this self-replicating procedure that the malware was able to successfully infect many machines across the globe (Islaim, 2017).
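The scanning behaviour described above leaves a recognisable trace in network flow records: one source contacting many different hosts on the SMB port within a short time. The following is an added example, not part of the original essay, of a detection rule over such records. The log format, the 60-second window, the threshold of five destinations and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                   # TCP port used by SMB
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed distinct-destination limit per window

def parse(line):
    """Parse 'ISO-timestamp src dst dport' (a constructed log format)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct SMB destinations in one window} for noisy sources."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse(line)
        if dport == SMB_PORT:
            events[src].append((ts, dst))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

# Constructed flow records using documentation address ranges.
SAMPLE = [f"2024-01-01T10:00:{i:02d} 192.0.2.10 198.51.100.{i} 445"
          for i in range(1, 9)]
SAMPLE += [
    "2024-01-01T10:00:05 192.0.2.20 192.0.2.5 445",   # repeated use of one file server
    "2024-01-01T10:03:00 192.0.2.20 192.0.2.5 445",
    "2024-01-01T10:00:07 192.0.2.30 198.51.100.9 443",  # not SMB, ignored
]

if __name__ == "__main__":
    for src, peak in smb_fanout(SAMPLE).items():
        print(f"{src} contacted {peak} distinct hosts on TCP/{SMB_PORT} within {WINDOW}")
```

A workstation that talks to one file server repeatedly stays below the threshold, while a host sweeping many addresses on port 445 is reported.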
WannaCry utilised a serious vulnerability in Windows systems which gave unsolicited access to users' systems through the networks they were connected to, such as the internet. However, before the said vulnerability (EternalBlue) could be reached, the machines connected to the networks needed to have unsecured access ports through which the intruders could deliver the payload that subsequently targeted the vulnerability.
Therefore, the first step that could have been taken to prevent the attack was to secure the access systems of networks. This could have been done using several access procedures, including access control and firewalls. These procedures would have limited the attacks by isolating the networks' access ports (Burgess, 2017).
Secondly, the vulnerability at hand should have been identified by the developers and users alike. The users, through their security checks, should have assessed the operating systems for any technical glitches, which would have been used to develop a solution. Therefore, the attack was propelled by poor security procedures and policies that failed to identify the threats facing the cyber system. Furthermore, the manufacturer failed to develop a competent system, which affected millions of users worldwide, a common occurrence today as developers are more focused on product deployment than on security. Therefore, the first line of defence against the attack should have been secure systems from the product developer, including inbuilt firewall systems (Burgess, 2017).
Burgess. (2017). Everything you need to know about EternalBlue – the NSA exploit linked to Petya. Wired, Retrieved 24 August, 2017, from: https://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch.
EMC. (2016). Preventing a ransomware disaster. EMC, Retrieved 24 August, 2017, from: https://www.google.com/url?sa=t&rct=j&q=&edata-src=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiwgdWRi_DVAhWIK8AKHdA9BKEQFggqMAA&url=https%3A%2F%2Fmozy.com%2Fsystem%2Fresource.
Emling, S. (2017). Ransomware Attack Wreaks Havoc Globally. AARP, Retrieved 24 August, 2017, from: https://www.aarp.org/money/scams-fraud/info-2017/how-to-protect-against-ransomware-fd.html.
Impreva. (2012). Phishing made easy: Time to rethink your prevention strategy? HACKER INTELLIGENCE INITIATIVE, Retrieved 28 August, 2017, from: https://www.imperva.com/docs/Imperva-HII-phishing-made-easy.pdf.
Islaim, A. O. (2017). SMB Exploited: WannaCry Use of "EternalBlue". FireEye, Retrieved 24 August, 2017, from: https://www.fireeye.com/blog/threat-research/2017/05/smb-exploited-wannacry-use-of-eternalblue.html.
Jain, A., & Jinwala, D. (2015). Preventing Phishing Attacks: A Novel Approach. International Journal of Computer Applications, Retrieved 28 August, 2017, from: https://research.ijcaonline.org/volume121/number14/pxc3904521.pdf.
Mann, S. (2017). DocuSign Was Hacked, but It's Not That Bad. Inc Security, Retrieved 28 August, 2017, from: https://www.inc.com/sonya-mann/docusign-hacked-emails.html.
News, B. (2017). Massive ransomware infection hits computers in 99 countries. Technology, Retrieved 24 August, 2017, from: https://www.bbc.com/news/technology-39901382.
Parno, B., Kuo, C., & Perrig, A. (2008). Phoolproof Phishing Prevention. Retrieved 28 August, 2017, from: https://www.netsec.ethz.ch/publications/papers/parno_kuo_perrig_phoolproof.pdf.
Ribeiro, J. (2014). Digital signature service DocuSign hacked, users hit with malicious emails. PCWorld, Retrieved 28 August, 2017, from: https://www.pcworld.com/article/3196902/security/digital-signature-service-docusign-hacked-and-email-addresses-stolen.html.
Shu, C. (2017). DocuSign confirms customer email addresses were stolen and used in phishing campaign. TechCrunch, Retrieved 28 August, 2017, from: https://techcrunch.com/2017/05/15/docusign-confirms-customer-emails-were-stolen-and-used-in-phishing-campaign/.
My Assignment Help. (2018). Overview Of DocuSign Security Breach And WannaCry Ransomware Attack: An Essay. Retrieved from https://myassignmenthelp.com/free-samples/digital-signature-service-occurrence.