Wipro, third-largest IT outsourcing company in India a worth of $11 billion has been hacked. Wipro’s systems faced serious Cyber-attacks/ Phishing and it is a matter of huge concern from cyber security’s point of view. It is highly unfortunate to hear when a top IT company in India can’t save themselves from the cyber attack. Wipro has admitted that they are under a cyber attack, and their clients are being targeted by hackers. Wipro called the incident a zero-day attack and has employed a forensic investigator to probe the incident.
Cybersecurity investigator Brain Krebs reported that Wipro is under a cyber attack, and thier systems are being used as ‘digital fishing expeditions’ to target their clients. We can say, hackers are using Wipro’s IT infrastructure as a launch pad to target and attack their clients. Brian Krebs put Wipro in a tough spot by bringing up a critical data breach in the midst of a quarterly earnings call.
Brian Krebs, confronted Wipro during its investors’ call and demanded to know why the company hadn’t bothered to revert to his exposé around the data breach incident and dismissed his findings as inaccurate and false.
Wipro alleged that Krebs’ investigation and the original news report were “incorrect on several points”. Caught off guard, Bhanumurthy BM, COO of Wipro, suggested that they take the conversation offline to discuss Krebs’ findings.
Sources says, Wipro’s systems were being used as “jumping-off points” for phishing expeditions targeting at least 12 Wipro customer systems. Wipro chief executive Abidali Neemuchwala has admitted that cyber attacks are happening in the company, and they are investigating it via a forensic firm.
As pr Wipro’s official statement, they have been building a new private email network, and on the day of deployment, some employees’ email platform were under minor attacks, which is common in the industry.
Wipro has described these attacks as zero-day attacks, which are generally carried on the same day when a system is taking over an older system, and there exists some vulnerabilities which hackers attempt to exploit.
Following the disclosure. Wipro said that, it detected potentially abnormal activity in a few employee accounts due to an “advanced phishing campaign”.
In addition to this, Wipro also shared that it has employed a “well-respected” independent forensic company to investigate the breach.
Sridhar Govardhan, CISO, Wipro, actually did acknowledge, in his blog, that phishing attacks via emails were the topmost exploited threat vectors, and that every breach had a phishing email element as part of the “compromise”.
Sources revels, that the client’s of Wipro are being targeted
In their official statement, Wipro has admitted that under this phishing attack, websites of some of the clients have been impacted, and they have even informed those clients.
Secondly, under filings done by Wipro at US Securities and Exchange Commission, they are liable to pay heavy penalty, in case their client’s websites are breached, due to Wipro’s security vulnerabilities.
Wipro’s official statement said, “We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign. Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact ”.
Hence, it is of utmost importance to educate employees for phishing attacks, experience mock attacks, develop a security policy that includes but isn't limited to password expiration and complexity and keep sensitive Data encrypted as much as possible.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
