While WannaCry is Making Headlines Docusign Breach Quietly Endangers Users

Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyberbreach themselves.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: Completed *company name* – Accounting Invoice *number* Document Ready for Signature;The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted” we can only further assume that these phishing campaigns are being effective. No official report on just how effective, so far, but perhaps we’ll get an update further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, CheckPoint, ForeScout, CarbonBlack and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them please give us a call.


2017 Cisco Annual Cybersecurity Report Insights

The 2017 Cisco Annual Cybersecurity report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever changing cybersecurity landscape.

Here are some of the major findings outlined in the report:

● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.

● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access.  See our previous post on private vs. public cloud

● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach. 6 Executive Summary and Major Findings Cisco 2017 Annual Cybersecurity Report

● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.

● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.

● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Fortyone percent (see page 55) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity

● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services

Konsultek Knows Security

When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.


Tempering Human Factors Vulnerabilities

Harvard Business Review recently published a very insightful piece I highly recommend you read in its entirety called “Cybersecurity’s Human Factor: Lessons from the Pentagon” .

For those of you who just want the highlights, here is a quick synopsis of what I found to be the most fascinating aspects of the article.

From Bumbling Colossus to Nimble Defender

In the not-so-long-ago dark days of network security, the US military struggled to identify and defend against threats.  All that has changed and from September 2014 to June 2015 the military rebuffed 30 million malicious attacks! Still a few got through but only 0.1% compromised systems in any way. An impressive record given the State sponsored adversaries the military must repel day in and day out.

While technical fortifications are important, what has really set the military on its trajectory to invulnerability has been its focus on eliminating human error. If you have read this blog for any length of time you know that we consistently emphasize not only the best technology but also the best in processes for this very reason.

Learning from the Admiral Himself

The US Navy Nuclear program has long been the quintessential example of a well-run, mistake free organization, what is nowadays referred to as an HRO or High Reliability Organization. The fundamental principles of the Navy Nuke program have since been transferred to other industries such as airlines, air traffic control, space flight and others. Admiral Hyman Rickover, the “Father of the Nuclear Navy” demanded excellence and adherence to process and for the span of his career personally interviewed all applying Officer Candidates.

Six Principles Every Organization Should Adopt to Ensure Security

1. Integrity – Never depart from protocols and report errors immediately

2. Depth of Knowledge – Fully understand the system’s you are responsible and their vulnerabilities

3. Procedural Compliance – Follow protocols to the letter

4. Forceful Backup – All critical activities should be closely monitored

5. A questioning Attitude – While unquestioning compliance to procedure is necessary questioning things that appear outside of the norm is equally important

6. Formality in Communication – Familiarity and slang lead to miscommunication, Formality in communication eliminates these misunderstandings.

Examples of Cyber Security Failures and the Policies that Were Violated

What the authors have found is that Cybersecurity breaches caused by human mistakes nearly always involve the violation of one or more of these six principles.  As you read them you will undoubtedly recognize some of the same behaviors in your own organization or at least easily imagine that they might very well be happening without your knowledge.

Here’s a sample of some the Defense Department uncovered during routine testing exercises:

  • A polite headquarters staff officer held the door for another officer, who was really an intruder carrying a fake identification card. Once inside, the intruder could have installed malware on the organization’s network. Principles violated: procedural compliance and a questioning attitude.
  • A system administrator, surfing the web from his elevated account, which had fewer automatic restrictions, downloaded a popular video clip that was “viral” in more ways than one. Principles violated: integrity and procedural compliance.
  • A staff officer clicked on a link in an e-mail promising discounts for online purchases, which was actually an attempt by the testers to plant a phishing back door on her workstation. Principles violated: a questioning attitude, depth of knowledge, and procedural compliance.
  • A new network administrator installed an update without reading the implementation guide and with no supervision. As a result, previous security upgrades were “unpatched.” Principles violated: depth of knowledge, procedural compliance, and forceful backup.
  • A network help desk reset a connection in an office without investigating why the connection had been deactivated in the first place—even though the reason might have been an automated shutdown to prevent the connection of an unauthorized computer or user. Principles violated: procedural compliance and a questioning attitude.

A Holistic Approach

At Konsultek we don’t just slap in “black boxes” and hope that security happens. Sure we build custom technical solutions that utilize the best technology available, but we also work outside the IT department to make sure that the business processes are in place to limit the impact of human error on the security of your information and network. If you are looking to upgrade your security, give us a call and begin a dialogue with us.


Fortinet Brings Business Continuity Through Holistic Network Security

As discussed repeatedly on this blog through the years there is no “magic” box that can be plugged into your network to guarantee invulnerability to hacking and 100% uptime. If it were that simple Amazon.com would carry the boxes and there would be no need for Konsultek and its technology partners such as Fortinet.

Having a secure network is paramount for business success today. Whether you are an law office, school, university or healthcare provider you need to be able to securely sen and and receive email, transfer funds, manage inventory and access records. In many cases these capabilities must be available 24X7X365 and that means that holistic network security is essential for business continuity.

The Fortinet Fabric

What we really like about Fortinet and the capabilities we can bring to customers via Konsultek’s customized security solutions is how their security solutions “fabric” helps ensure seamless coverage across the complete network.

As they put it on their website:
“Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated and collaborative security fabric. This also means we are the only company that can truly provide you with a powerful, integrated end-to-end security solution across the entire attack surface along any point along the kill chain.

Simply deploying security end to end is not enough. These solutions must work together to form a cooperative fabric, spanning the entire network, linking different security sensors and tools together to collect, coordinate, and respond to any potential threat. And it must do this wherever it occurs, in real time, with no network slowdowns.”

When deployed in existing networks Fortinet overlays on your existing patchwork quilt of security solutions and turns them into a high performance security fabric. This enhances network visibility and security by effectively securing the gaps and seams that previously existed between your specific network security measures.

Meet Fortinet at Texas Holdem

The Fortinet team will be attending our Annual Texas Holdem event on Thursday, Oct 20th at the Abbington Banquets in Glen Ellyn. Doors open at 3:30.
Please sign up here.


We look forward to seeing you there!

Gartner Chimes in on Prevention Vs. Detect and Respond

It is always heartening to see a respected organization such as Gartner espousing the same security philosophies as we have here at Konsultek. In a recent blog post, Gartner’s Oliver Rochford points out that the most robust security solutions combine both prevention AND detect and respond approaches.

If you’ve been following this blog for any length of time you’ll know that this is exactly how we approach all of our information and network security engagements.

An Ounce of Prevention – Still Worth a Pound of Cure

Despite what some might say, prevention is far from being a dying or dead approach. A properly executed prevention strategy that utilizes advanced firewall and access control technologies can help mitigate the impact of old school hacking. When outsiders who don’t have proper credentials attempt to access your network with a variety of tools and tricks they are simply shut out.

But what if they pierce the protective veil of your prevention strategies? Password theft, cracking weak passwords and social engineering are just 3 ways ne’er do wells can compromise the best developed prevention strategies. And when that happens you better hope that your security provider has also included that latest in detect and respond technologies or your system and your information will be instantly at risk.

Detect and Respond

As the name implies, detect and respond approaches can sense when things in your network are not quite right and take action to contain the unusual activity before significant damage can occur. For example, when the credentials of your summer intern suddenly are used to access the network and attempt to explore portions that he or she has no business even thinking about let alone accessing.

The Konsultek Approach

At Konsultek we approach every client’s security engagement as an opportunity to develop a best fit approach. You’ll never find us espousing one-size-fits-all, cookie cutter approaches to information security. When you call, we’ll listen and when our engineering team develops your security solution you can bet it will be based upon delivering the most security value for the money. So give us a call today. We look forward to hearing from you.

Using Symantec? Your Small Business May Be VERY Vulnerable!!

A veritable bombshell was dropped yesterday on Google Project Zero when Tavis Ormandy posted that the Google team had discovered vulnerabilities in virtually all Symantec and Norton security products that are ”as bad as it gets.”

The Project Zero post is quite detailed in its description of the multiple flaws and vulnerabilities located in the products and if you are interested in the nitty gritty you should definitely check it out.

If, however, you are more interested in the big picture synopsis, here is what we know.

  1. Symantec Endpoint Protection and:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on…

Are all impacted since they share the same core engine.

Image source: Tavis Ormandy, Google Project Zero

2. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

3.   Symantec has publicly released its own advisory that lists 17 different affected products.

What Does This Mean To You?

Most of the updates underway from Symantec will automatically install using a pathway similar to how the products receive virus definition updates. However, to be sure that all the vulnerabilities have indeed been fixed, Network administrators should review the advisory issued by Symantec as manual updates may be required.

How Can Konsultek Help?

At Konsultek we build custom security solutions from the ground up that use a holistic combination of prevention, detection and access management to ensure that your network is secure and stays that way. Give us a call to learn more about how our custom developed approach, including managed services, is far and away superior to plug and play software and boxes.



Which Industries Have the Highest Average Data Breach Costs?

The Ponemon Institute with sponsorship from IBM recently released their 2016 Cost of Data Breach Study: Global Analysis.

Last week we took a look at what countries had the highest average data breach costs. We learned from the study that the top 3 countries in descending order were:

  1. United States
  2. Germany
  3. Canada.

Which Industries Have the Highest Average Data Breach Costs?

In this post we’ll take a slightly different look at the data and examine which industries have, on average, the highest breach costs.

As you look at the graphic below you probably won’t see anything that surprises you. Especially if you are a frequent reader of this blog since the industries that top the list are also the very same industries that are discussed here most often.

Source: Ponemon Institute

All three of these industries are among the most highly regulated and deal with the most sensitive information so it stands to reason that regulatory costs of a breach will be higher than in a less sensitive industry.

We Know These Industries

Konsultek has clients in each of these “big 3” industries so we now what it takes to develop solutions that deliver the protection your organization needs.

What is YOUR plan for data breach prevention? If you don’t have one or think you’d like a second opinion from an organization that lives and breathes security, just give us a call!



Which Countries Have the Highest Average Data Breach Costs?

The Ponemon Institute with sponsorship from IBM just released their 2016 Cost of Data Breach Study:Global Analysis.

As we have become accustomed to, this study is chock full of interesting data and as such we’ll dedicate a few blog posts to highlighting some of the more interesting points as opposed to attempting to cram it all into one all-encompassing missive.

Which Countries Have the Highest Average Data Breach Costs?

The first data set presented in the report compares the cost of per capita breaches across 12 different countries. The results are shown below:

Source: Ponemon Institute


After reading through the report it was difficult to identify a single element that defined why the costs of a breach per record were higher for the top countries. Rather, it seems as though a variety of contributing factors are at work.

  1. The prevalence of “high breach cost industries” in that country. For example, healthcare and financial services industries
  2. The degree of 3rd party integration – more integrations mean higher costs
  3. The size of the breach itself – larger breaches tend to cost more per record
  4. Detection and escalation costs – Canada, for example had costs far higher than other similar countries in this regard
  5. Notification and post-breach response costs – here the US and Germany led the charge.

Remember an Ounce of Prevention is Worth a Pound of Cure!

At Konsultek we believe heartily in the old adage that “an ounce of prevention is worth a pound of cure.” That is why we create customized security solutions for our clients that focus on prevention and rapid detection so that breaches are prevented up front first. If, by chance an intrusion does happen, our detection component helps to rapidly identify the threat and contain it before harm can occur.

What is YOUR plan for data breach prevention? If you don’t have one or think you’d like a second opinion from an organization that lives and breathes security, just give us a call!



6 Reasons Why Cyber Security Should Be Higher on SMBs Priority List

For years now we’ve been documenting the trends that indicate that SMBs (Small and Medium Sized Businesses) are increasingly being targeted by cybercriminals and hackers. So, it was heartening to see the mainstream small business magazine, Entrepreneur, ran an article this week that draws attention to the SMB security issue. In his article, contributing author Toby Nwazor highlights 6 reasons why small businesses are more likely to be targeted by cybercriminals than they think.

1. Hackers expect your business to be minimally protected

Let’s face it. As a small business you have dozens of other resource priorities such as hiring and retaining talent, marketing, sales and fulfillment that come before network and information security on your list of things that need to get done. Cybercriminals are savvy folks and they understand this and this unfortunately just might land your business in their cross-hairs.

2. Your business is valuable to them for different reasons

Cybercriminals have a different set of metrics when it comes to business valuation and it doesn’t have anything to do with cash flow, revenue or balance sheets! Their value your business based upon the data you have in your systems (think credit card data, personal identification data and trade secrets) or the data your system can give them access to.

3. You have probably left some doors open and the lights on

When you started your business you filed papers, opened accounts and signed up for services. This has compiled a digital “We’re New and You Should Stop By” sign for your company out there in cyberspace. If your sign has the right combination of factors you may have unwittingly attracted the attention of some cyber unsavories.

4. You may be viewed as a way to land bigger fish

As mentioned in 2 above, sometimes it is not your business at all that the hackers are after but rather who your business is connected to. The epic Target breach began with a vulnerability in much smaller HVAC contractor’s system.

5. Your most basic network functionality may not be secure

Your office wi-fi, if protected, may still be vulnerable to professional hackers and every time you or your employee does work from an unsecured public connection you are potentially putting your business at risk.

6. Recent statistics don’t favor you in the slightest.

A quick glance from this table extracted from the Verizon 2015 Data Breach Investigation report shows that small businesses are sometimes even more likely than large businesses to be hacked.

Source: Verizon 2015 Data Breach Investigation Report

And, when you look at the percentage of confirmed data loss, the figures get even more depressing!

Konsultek Can Help!

At Konsultek we work with Small and Medium Sized Businesses every day to develop security solutions that are customized to each business’ unique situation. In some cases our managed security services offer a cost effective way for a smaller business to get the same level of security as some of the largest organizations in the world. So, what are you waiting for? It’s time to move security a little higher on your “to do” list and give us a call!


© Copyright 2018 Konsultek