logo

Information Security Report | Attack On DocuSign

   

Added on  2020-02-24

10 Pages2566 Words57 Views
Running head: INFORMATION SECURITYAssessment item 2 [Student Name Here][Institution’s Name Here] [Professor’s Name Here][Date Here]

INFORMATION SECURITY2Table of ContentsPart A: DocuSign................................................................................3The problem.......................................................................................3How and why.....................................................................................4Solution..............................................................................................5Part B: May 2017 Ransomware attack (WannaCry)......................6The problem.......................................................................................6Who and how.....................................................................................6Attack method....................................................................................7Solution..............................................................................................8References............................................................................................9

INFORMATION SECURITY3Part A: DocuSignThe problemAcross the digital medium, users are faced by many authenticity and integrity problemsbecause of the pervasive nature of the internet. Moreover, users are forced to operate withother users who are unknown to them. These outcomes force users to use third party membersto authenticate their operations, a function offered by DocuSign. Now, the company offerssignature services across electronic documents which facilitate business operations amongmany other functionalities that require user verification. In essence, users will appendverifiable signatures to the information they send to other users through the DocuSign portal,a feature that is encrypted with some of the best security protocols. However, this service washeavily exposed and breached in May (2017), when thousands of customer records wereleaked by intruders[ CITATION Rib14 \l 2057 ].First, two major forms of attack were conducted, the first still unknown based on its accessprocedure was the genesis of the problem as it exposed the necessary data to conduct thesecond attack. In the first attack, intruders were able to access customer records fromDocuSign communication system. This information included records of names and contactaddress (including email). Furthermore, the intruders’ accessed the communication serviceused by the customers and the organization. Now, the communication service sent emails tocustomers alerting them on the documents they needed to sign as provided by their affiliatebusiness partners or work members. Therefore, this communication services was thefoundation of the DocuSign service. Nevertheless, the access granted through the first breachgave the intruders access to the said information which they used to send phishing emails tothe customers, the second form of attack[ CITATION Man17 \l 2057 ].

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
CSI2102 - Information Security - Assignment
|11
|2643
|76

Search the Web for News on Computer Security Breaches
|7
|2118
|43

San Zaw and Vasupongayya 2019
|18
|1141
|24

Computer Security Breach: Torrance Memorial Medical Center
|9
|2442
|105

Effectiveness of Social Engineering
|5
|782
|81

Cybersecurity Issues at JK Company
|11
|3067
|80