WIPRO, an IT outsourcing and consulting company is investigating a possible breach of its own IT systems where hackers are using the infiltration to target WIPRO customers.
Wipro has confirmed this breach in a story by the India Times. That wasn't so hard, was it? https://t.co/btvRNDjMWF
— briankrebs (@briankrebs) April 16, 2019
Experts Comments:
Dan Tuchler, CMO at SecurityFirst:
“The bar continues to rise. The increasing complexity and interconnectedness of IT infrastructure makes it harder to protect. Wipro, a firm with broad IT expertise, is a victim and a part of a complex hack against some of their customers, despite extensive security and monitoring measures. This underscores the importance of protecting data where it resides on servers, including encryption, comprehensive key management, and data access policy control. These attacks are not going to stop. Organizations must defend the security of their data.”
Dr Darren Williams, CEO and Founder at BlackFog:
“Phishing techniques have been around for quite some time and many of us wrongly assume that we would be able to spot a phishing attack, but as shown by the Wipro breach, cybercriminals and hackers are growing more sophisticated by the day, so businesses need to ensure that they are investing appropriately into their cyber defences. The days of obvious email scams filled with glaring typos and outlandish claims are behind us. Today’s cybercriminals are sending convincing-looking emails with accurate branding to fool people, and unfortunately, it’s working and can have disastrous consequences.
“It’s therefore vital to ensure that your organisation’s cybersecurity uses a layered approach, focusing on different types of breaches. Traditional cybersecurity tools such as AntiVirus solutions are not enough. It’s impossible to prevent hackers from getting into your network – but is possible to stop them getting out with your data.”
Mark Bower, Chief Revenue Officer and NA General Manager at Egress Software Technologies:
“The Wipro hack and subsequent compromise of their IT systems is a demonstration of how devastating third-party, supply chain partner attacks can be. Early reports indicate that the hackers were already able to launch direct attacks on customer environments. Most concerning for the tens of thousands of Wipro customers – including many in the Fortune 500 – are the reports that Wipro’s email system has been compromised for some time.
Wipro should immediately let customers know whether they were using message encryption internally to protect customer emails. Encrypting email messages at rest prevents the hackers from accessing sensitive data that can be weaponised to launch attacks such as man-in-the-middle attacks.
Furthermore, every Wipro customer should be hyper-aware of the potential of such attacks coming from this previously trusted domain. Employees should be on red alert for any email from this domain until such time as Wipro demonstrates that it’s email system is rearchitected. Phishing attacks are used time and again because of how effective they are in taking advantage of human weakness. Their effectiveness is amplified exponentially when the phishing attacks come from what is believed to be a trusted partner.
Proactive companies can stay ahead of such attacks through continual employee education on what to look for and by making sure they have technology in place to mitigate people’s mistakes – like clicking a bad link – wherever possible.”
Matan Or-El, CEO at Panorays:
According to reports, it appears that attackers targeted Wipro as a springboard to attack their customers. If this is indeed the case, then such a scenario can certainly be called a supply chain attack. We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. But we shouldn’t forget that supply chain attacks also include attacks on service providers. In today’s digital age, working with suppliers is a business necessity; however, it involves cyber risks, because an attack on the supplier means an attack on the organization. For this reason, companies need to develop a security policy and ensure that their third parties – vendors, suppliers, business partners – adhere to it. This is important not only during screening and onboarding of the suppliers, but throughout their whole business relationship, and requires continuous monitoring of the supplier’s digital presence.”
Richard Hunt, Managing Director at Turnkey Consulting:
Wipro breach: a call for ever-rigorous cyber security protection
As IT outsourcing company Wipro investigates the causes of this week’s breach, the attack is a reminder – if one were needed – for ever-rigorous cyber security protection. It also reinforces the need for the independent governance of security – ie its management should be outside the jurisdiction of functional and technical support.
Within that framework, the following three key areas of activity should be addressed on a continual basis.
Securing the supply chain
The Wipro attack highlights the growing vulnerability of modern organisations as criminals target suppliers and partners and flags why reviewing the complete supply chain is critical when addressing cyber risk. Where vendors manage a service, or hold a trusted position, defining expectations and holding partners accountable for their responsibilities is critical to properly protect data. The vendor onboarding process should include validation that an enterprise has security provision in place that protects both themselves and a partner organisation’s data.
Phishing awareness
The breach also demonstrated how criminals pose as a trusted third party in order that data or login credentials are inadvertently handed over to them. Preventing activity of this type requires rigorous security awareness training that covers all aspects of phishing; being asked to install software, enter login credentials on a website, or provide exports of data for example should immediately raise red flags. Anyone with access to the organisation – employees, partners, contractors, etc – needs to be reminded on a regular basis to follow defined organisational processes and policies when faced with a request that could expose the enterprise.
Technology tools
The Wipro breach was identified via network monitoring from the clients’ networks, a key tool in spotting suspicious behaviour by employees and third parties. Vulnerability assessments also ensure that network hardening is in place and effective in managing threats. Should a breach of administrator access occur, robust privileged account management (PAM) processes can ensure that any activities performed as a result can be monitored and limited. Meanwhile, Multi-Factor Authentication (MFA) can prevent stolen credentials being misused.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.