A seemingly archetypal quarterly earnings call for Wipro quickly spiraled out of control after a cybersecurity investigator posed some rather uncomfortable questions to the country’s third-largest IT outsourcing company. And it all went south from there.
Brian Krebs, the well-known cybersecurity investigator and author of KrebsOnSecurity, confronted Wipro during its investors’ call and demanded to know why the company had not responded to his exposé on the data breach and had instead dismissed his findings as inaccurate and false.
Wipro alleged that Krebs’ investigation and the original news report were “incorrect on several points”. Caught off guard, Bhanumurthy BM, COO of Wipro, suggested that they take the conversation offline to discuss Krebs’ findings.
He went on to explain, in corporate flimflam, that the company has “taken steps that have to be taken” and that investigations are underway.
Exclusive: Multiple sources now say Indian IT outsourcing giant @Wipro is in the throes of dealing with a months-long breach in which intruders were seen using the company's networks to attack and probe customer systems https://t.co/02WkdkU0UE pic.twitter.com/ptOxylwJ4K
— briankrebs (@briankrebs) April 15, 2019
Whistle-blowers reached out to KrebsOnSecurity and revealed that the company was dealing with a “multi-month intrusion from an assumed state-sponsored attacker”. The sources went on to disclose that Wipro’s systems were being used as “jumping-off points” for phishing expeditions targeting at least 12 Wipro customer systems.
Following the disclosure, Wipro, in an email statement to ET, said that it detected potentially abnormal activity in a few employee accounts due to an “advanced phishing campaign”.
In addition to this, Wipro also shared that it has employed a “well-respected” independent forensic company to investigate the breach.
Interestingly, Sridhar Govardhan, CISO of Wipro, actually did acknowledge, in his blog, that phishing attacks via emails were the topmost exploited threat vectors, and that every breach had a phishing email element as part of the “compromise”.
Looks like a case of nefarious actors masquerading as insiders with compromised digital identities
Surendra Singh, Senior Director & Country Head of cybersecurity specialist Forcepoint, says that increasingly sophisticated attacks are being launched on enterprises and government agencies to gain access to critical data and intellectual property.
“Traditional security approaches for combating such cyber-attacks are no longer effective in today’s digital world,” he opines.
To secure their organizations, he emphasizes that CISOs need to understand who is accessing data and why. Sharing his two cents with CSO India, he suggests that creating a baseline of normal behavior makes it much easier to detect a change in behavior, which could indicate an attempted breach or a compromised insider.
What makes the case particularly precarious for Wipro, according to Neelesh Kripalani, Senior VP and Head of Center of Excellence at Clover Infotech, is that the reputation hit for a hacked managed service provider is “exponentially worse”, especially if the company was the medium used for an attack on its customer base.
What Wipro has to say
Wipro said in a statement that the company detected potentially abnormal activity in a few employee accounts on its network due to an advanced phishing campaign. “Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact. We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture. We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”