has reportedly hired an independent forensic firm to assist with the investigation into the hacking.
On the day it is supposed to declare its March quarter (Q4) results, India’s fourth largest technology firm Wipro Ltd confirmed reports about a phishing attack on its IT systems. The Bangalore-based IT company did not give out any details on the extent and effect of the hacking. It has reportedly hired an independent forensic firm to assist with the investigation into the hacking.
The breach was first reported by cybersecurity portal, KrebsOnSecurity. “Wipro is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers,” the report said, citing unidentified sources.
The sources pointed out that Wipro system’s were being used for running a phishing campaign targeting a dozen Wipro customers, who traced malicious and suspicious network reconnaissance activity (a process for testing potential vulnerabilities in a computer network) back to systems that were communicating with Wipro’s network. According to one of the sources, Wipro is building a new private email network as they believed that the attackers had breached their email system.
The report further said the breach is believed to be by state sponsored attackers and that Wipro has been dealing with the hacking for over month.
KrebsOnSecurity reached out to Wipro on 9 April for comment. Wipro didn’t comment on any of those questions directly, but issued a statement: “The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself from such attacks. We constantly monitor our entire infrastructure at heightened level of alertness to deal with any potential cyber threat.”
One source familiar with the forensic investigation at a Wipro customer said it appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients. That source declined to name the other clients.
Commenting on the attack, Surendra Singh, Senior Director & Country Head, Forcepoint said, “The latest cyberattack on Wipro’s IT systems are deeply concerning – and yet not surprising. While the organization has done the right thing to launch investigations into the source of this attack, the reports suggest that nefarious actors compromised digital identities or credentials of approved users – so as to operate within the Wipro network, masquerading as insiders.
Wipro has more than 170,000 employees helping clients across six continents with Fortune 500 customers in healthcare, banking, communications and other industries. The company further reported a net profit of Rs. 2,483.5 crore for the quarter ended March 31. That marked a 1.07 per cent fall from its net profit of Rs. 2,510.4 crore registered for the previous quarter. In a regulatory filing post-market hours on Tuesday, Wipro said its revenue stood at Rs. 15,006.30 crore for the quarter, a decrease of 0.35 per cent compared to Rs. 15,059.5 crore the previous quarter.
Globally, individuals, companies and governments are being increasingly targeted by cybergoons as the number of smartphones users increases and more connected devices underscoring the internet of things (IoT) trend is underway. India is no exception, as cybersecurity continues to be a major issue in India with 76% organizations hit by online attacks in the last year, as compared to 68% incidents across the globe, according to a recent survey by security firm Sophos, which highlights that 97% IT managers admitted that security expertise is one of the greatest issues in the country.
In another report by Seqrite last year, the IT/ITeS industry was highlighted as the most targeted sector, accounting for 27.83% of the total malware detection in H2 2018. This was followed by professional services with a detection share of 24.43%, and manufacturing (17.70%) and education (11.08%) were also identified as at-risk industries.
“Increasingly sophisticated attacks are being launched on enterprises and government agencies to gain access to critical data and intellectual property. And, traditional security approaches for combating such cyber attacks are no longer effective in today’s digital world. To secure the digital enterprise, CSO/CISOs need to understand who is accessing data and why,” said Singh.
He tipped that organizations should focus on understanding the normal behavior of legitimate users who have access to critical data. “By creating a baseline of normal behavior, it becomes much easier to know when this behavior changes – signalling an attempted breach or a compromised insider,” Singh concluded.