April 15, 2021

Volume XI, Number 105

Advertisement

April 14, 2021

Subscribe to Latest Legal News and Analysis

April 13, 2021

Subscribe to Latest Legal News and Analysis

April 12, 2021

Subscribe to Latest Legal News and Analysis

DocuSign Alert: New Malicious Hacking Tool Mimicking DocuSign Observed

On April 6, 2021, DocuSign issued an Alert notifying users of a new malicious hacking tool that is mimicking DocuSign to drop malware into victims’ systems. According to the Alert, the document building tool, dubbed “EtterSilent,” “creates Microsoft Office documents containing malicious macros or attempts to exploit a known Microsoft Office vulnerability (CVE-2017-8570) to download malware onto the victim’s computer. This activity is from malicious third-party sources and is not coming from the DocuSign platform.”

The Alert further states “[T]o date, the malicious documents have been observed to deliver many different malware families such as Trickbot, QBot, Bazar, IcedID and Ursnif. These types of maldocs are typically delivered to victims via phishing attacks.”

DocuSign provides the Indicators of Compromise in the Alert, which can be accessed here.

Since EtterSilent is released using macros, it is worth alerting company users that downloading macros is highly suspicious, and that they may wish to reach out to information technology professionals before downloading macros included in a document or link. If a company routinely uses DocuSign, alerting users to this scheme may help them avoid becoming a victim.

Advertisement
Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 98
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement