Anti-Phishing, DMARC , Breach Response , Cloud Security

Wipro's Breach Incident Raises Questions

What Impact Will It Have on Reputation of Outsourcers?
Wipro's Breach Incident Raises Questions

The discovery of an apparent data breach at Indian IT service firm Wipro could hurt the firm's reputation, as well as the reputation of other outsourcing companies, some observers say.

See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys

"Wipro's breach incident is affecting the entire outsourcing industry, and it is a big reputational risk that the firm needs to handle with care," says Sriram Natarajan, COO at Quattro, a business process outsourcing company.

Phishing Attack

On Tuesday, Wipro acknowledged that it had detected abnormal activities on some of its employee accounts due to an advanced phishing campaign.

Wipro told Information Security Media Group that none of its customers' credentials or data had been compromised. But the KrebsonSecurity blog, which broke the story, reported that at least a dozen Wipro customers' systems had also been affected by the incident.

Wipro has yet to reveal any further details about its ongoing investigation.

The company's COO, Bhanumurthy BM, said on Tuesday: "We came to know of a potentially abnormal activity from our network, which was related to very few employee accounts. These employee accounts were subjected to very advanced phishing activity.

"We have contained the attack. We are conducting forensics, what is the motive and modus operandi - and all of that takes time. That is an ongoing activity."

Critics Seek Answers

Some security experts are lamenting Wipro's reluctance to share more information on the incident.

"There has been such a big corporate email compromise at this large outsourcing firm, and the communication sent to the media or the industry is not convincing," says the security head of a large consulting firm, who asked not to be named. "Lack of specific information around what happened to the customer data or to what extent it has been compromised ... creates ambiguity and leads to adverse speculation."

Quattro's Natarajan questions whether Wipro has a proper communication policy and crisis management plan as well as a strong auditing team.

The target of the spear-phishing campaign apparently has been system administrators, says C.N. Shashidhar, CEO of SecurIT. "By attacking the system admins' system, they have successfully gained access to Wipro's network, compromising the entire email system," he says.

The hackers apparently then used Wipro's traffic to gain entry into customers' networks, he adds. "The impact of this would be to lose customer confidence," Shashidhar says.

U.K.-based Mark Bower, chief revenue officer at Egress Software, observes: "The Wipro hack and subsequent compromise of their IT systems is a demonstration of how devastating third-party, supply chain partner attacks can be. Early reports indicate that the hackers were already able to launch direct attacks on customer environments. Most concerning for the tens of thousands of Wipro customers - including many in the Fortune 500 - are the reports that Wipro's email system has been compromised for some time."

Bower says Wipro should immediately let customers know whether the company was using encryption to protect customer emails.

Furthermore, he says, every Wipro customer should be on alert for any email from the Wipro domain until the company demonstrates that its email system is re-architected.

"It is imperative for organizations to stay ahead of the game against the hackers, says Neelesh Kripalani, senior vice president at Clover Infotech, a managed service provider. "And we as the MSP play an important role in ensuring the same. The approach toward cybersecurity threats needs to be proactive rather than reactive."

Kripalani recommends that Wipro should "implement database activity monitoring solutions to monitor database traffic for detection and blocking of threats, along with regular VAPT tests, and ensure corrective actions are taken up in real time."

Because most email systems operate in the cloud environment, he suggests implementing role-based access so that the administration privileges do not stay with single user account.

"Use of cloud access security management tools for greater security control could help in such a scenario, Kripalani says.


About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.