Business Continuity & Cyber Security Incident log w/e 19/05/2017

Business Continuity Incident

French Consumers targeted in Banque De France Phishing attack

Cyber-criminals are attempting to steal credentials from French companies and consumers in a campaign that falsely uses the name of the Bank of France.

According to the Bank of France, people have been receiving emails containing fake bills, reports of frozen bank accounts and notices of granted loans, in an attempt to trick them into handing over account numbers and other sensitive data.

Hackers operating the phishing campaign are using the Bank’s name and logo in addition to phone numbers and email addresses to make their fake emails appear legitimate. The fake emails redirect victims to a malicious website requesting them to input bank details and download malicious files.

The bank has warned people against providing sensitive data online or over the phone.

A Google-translated version of the bank’s statement read: “The Banque de France alerts the public about the resurgence of data theft attempts, fraudulently using its name and targeting companies and individuals under the most diverse pretexts.”

The Bank of France calls for the “greatest alertness” from the public.

It is unknown if the attacks have any connection to the recent political hacking campaign targeted at French president Emmanuel Macron’s political party.

Breached DocuSign database starts massive phishing campaign

The theft of a database containing the email addresses of DocuSign customers is to blame for a massive phishing campaign targeting the electronic signature technology provider’s users over the past week.

Last Tuesday the US-based company advised customers of a malicious email campaign that spoofed DocuSign’s branding and email headers in an attempt to get users to run macro malware.

The phishing emails masqueraded as documents sent from another company needing a digital signature from the recipient. They included a downloadable Word document containing the malware.

The emails were sent from domains including

Today the company revealed the mass phishing campaign had been enabled by a breach of one of its “non-core” systems that contained customer data for the purpose of sending out service announcements via email.

DocuSign said only email addresses had been accessed in the breach.

“No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed,” the company advised.

“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

The company said it had put new security controls in place to prevent further breaches, and was working with law enforcement agencies.

It advised customers to delete any emails containing the subject lines: “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

DocuSign also said users should forward any suspect emails to the company’s spam address and ensure their anti-virus is up to date.

“Your trust and the security of your transactions, documents and data are our top priority. The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence,” it said.

DocuSign boasts more than 40 million global uses of its encrypted document exchange technologies and digital signature document authentication.

Internet Retailer Hit by Warehouse Fire

A fire that broke out at ASOS’s distribution centre outside Berlin in the early hours of Tuesday morning may have damaged around £6.3m worth of stock.

A full evacuation was conducted with no injuries to staff, and the fire was contained to one of the company’s four chambers in the first phase of the development at the new Eurohub 2 distribution centre. ASOS said contingency plans were executed successfully, with customer orders currently being fulfilled via its Barnsley warehouse.

The business held around 7m units of stock at the facility. ASOS said there were around 2m units of stock in the affected chamber with a cost value of approximately £25m, around 25% of which could be compromised by fire and water damage. However, ASOS said it is fully insured for loss of stock and any subsequent business interruption.

It added that none of the technology, automation or structure of the building has been affected and the clean-up process is underway. The other three chambers of the site will be operational again later on Tuesday.

Zomato Restaurant Finder Hit by Data Breach

About 17 million user records have been stolen from restaurant finder Zomato, the company has announced. Users have been reassured that no payment information or credit card data has been leaked. The food ordering service, which is used by over 120 million users, has reset the passwords of all affected users and logged them out as a precaution.

“Our team is actively scanning all possible breach vectors and closing any gaps in our environment. So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” reads the blog post.

The stolen information includes users’ email addresses as well as hashed passwords. Patidar has recommended that users change their passwords if they use the same ones for other accounts. Further, Zomato will be adding an extra layer of security for internal teams to avoid such a breach in the future.

The development comes on the heels of the WannaCry ransomware attack that has affected about 150 countries globally, including Russia and the US. In India, five or six isolated instances have been reported in states like Gujarat, Kerala and West Bengal.

Patidar has assured Zomato users that the stolen information can’t be misused since the company has reset the passwords for all affected users. He adds that the Zomato accounts of all users are secure. Further, Zomato plans to roll out enhanced security measures for all user information stored within its database.