Cybersecurity Alert: WannaCry Updates, DocuSign Breach, and Executive Order

May 16, 2017

This alert contains information about WannaCry ransomware updates, breach at DocuSign, and President Trump's executive order on cybersecurity.

WannaCry Ransomware Updates

The ongoing WannaCry ransomware attack that started in Europe on Friday, May 12, continues to spread. WannaCry has locked over 300,000 computers across multiple countries and industries, including healthcare providers, financial service firms, and more. Infection is believed to continue to be via the SMB MS17-010 vulnerability. Several malware variants have been discovered with at least two different "kill switch" domains. Researchers have been registering the new domains as they're identified, but an attacker could potentially change the malware by removing the kill-switch functionality completely, making it more difficult to stop new variants. Some "patched" variants (i.e., with the machine code altered with a hex editor) without the "kill switch" have been reported. However, these variants are most likely experiments by researchers and/or pranksters.

For more information, see: https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures:

  • Apply the latest security updates from Microsoft and install future updates as soon as they are released.
  • Block port 445 using a hard firewall rule, in addition to blocking third parties with direct network access from port 445 access, to prevent the worm from tunneling from a partner's network.
  • Do not open attachments in emails from senders you don’t know.
  • Enable the "Show file extensions" option on your computer. This will make it much easier to identify malicious files. Do not open files with extensions such as ".exe," ".vbs," and ".scr."  

ACA Aponix weekly external scans indicate if your network perimeter is susceptible to the Microsoft MS17-010 vulnerability, and our team has reached out to those who are vulnerable.


DocuSign Breach

DocuSign, a provider of electronic signature technology, announced that they experienced a data breach where a malicious third party stole a list of their customers. This led to recent phishing attacks targeting their customers through an email campaign containing a downloadable Microsoft Word document infected with malware. From their investigation, DocuSign confirmed that the stolen data was limited to email addresses and no other data or customer documents were accessed.

For more information, see: https://trust.docusign.com/en-us/personal-safeguards/

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures:

  • If you receive an email with a link to a DocuSign file, do not click the link to view the DocuSign file and access your documents directly by visiting docusign.com;
  • Report any suspicious emails to spam@docusign.com. Suspicious emails may link to a document you weren’t expecting, or may contain typos;
  • Delete suspicious emails;
  • Block inbound Microsoft Office document attachments that contain macros; and
  • Delete/purge sensitive documents through DocuSign retention rules (more details available here: https://support.docusign.com/knowledgemarket/Document-Retention-and-Purging).  

President Trump Signs Executive Order on Cybersecurity

On Thursday, May 11, President Trump signed an executive order designed to strengthen the cybersecurity of federal networks and critical infrastructure. The order mandates that federal agencies leverage the National Institute of Standards and Technology (NIST) Framework. The order also requires federal agencies to identify critical infrastructures (e.g., financial services, energy, healthcare) and work with private industry to protect them. As a result, this may drive federal regulators such as the SEC to focus on NIST implementation for the firms they are regulating and enhance scrutiny in these areas. It's expected that publicly traded firms will be required to increase their level of transparency around cybersecurity protections, as the Department of Commerce has been tasked to generate a report within 90 days on how to best promote market transparency.

For more information, see the press release from the White House: https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.