Wipro says network faced advanced cyberattack, few customers 'impacted'

The website KrebsOnSecurity, run by independent journalist Brian Krebs, reported that hackers had compromised Wipro's systems and used them to launch attacks on the firm's clients

Information technology services firm Wipro on Tuesday said it had hired a forensic firm to investigate a cybersecurity attack on its systems, which impacted a “handful” of customers through an advanced phishing attack. 

KrebsOnSecurity, a website run by independent journalist Brian Krebs, reported on Monday hackers had compromised the Bengaluru-based IT company’s systems and used them to launch attacks on the firm’s clients over a period of several months.

Wipro said it “detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” but denied that the attack was going on for months. “We have informed the handful of customers impacted,” Chief Operating Officer BM Bhanumurthy said at a press conference on Tuesday after the fir reported fourth quarter results. He said the firm became aware of the attack a week ago, and not months ago, as Krebs reported in his blog. 

Bhanumurthy said Wipro was monitoring the situation with a high level of alert, and there was regular communication between the chief information security officer at Wipro and the affected customers. 

Phishing attacks could either be in the form of an email from a trusted source asking for personal information such as passwords, bank details, personal details, or it could mimic an existing website or webpage and trick a user into entering confidential information on the page. 

Quoting two people familiar with the breach, Krebs said it accessed Wipro’s systems, and managed to target “at least a dozen Wipro customer systems”. “Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact. We are leveraging our industry-leading cybersecurity practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture. We have also retained a well-respected, independent forensic firm to assist us in the investigation,” Wipro said in a statement.

Krebs said in his blog the process of building a private email network because the intruders were thought to have compromised Wipro’s corporate email system for some time. 

In a recent report, anti-virus maker Kaspersky Lab said phishing attacks doubled in 2018 to over 482 million attempts. “The consequences of such attacks may range from a loss of money to the compromise of an entire corporate network. Phishing attacks, especially of the malicious link or attachment variety, are a popular initial infection vector for targeted attacks on organisations.”

Threat detected

• KrebsOnSecurity reported that the hackers accessed Wipro's systems, and managed to target “at least a dozen Wipro customer systems”
• The company says it is monitoring the situation with a high level of alert  and is in contact with officials and affected customers
• The firm says it “promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact”