Indian IT outsourcing giant Wipro has confirmed its internal IT systems have been hacked, after it was reported that its servers are being used to launch attacks against it own customers.
The Wipro hack was first reported by KrebsOnSecurity, who said that it had been contacted by “multiple sources”, and that Wipro had refused to respond to questions about the alleged incident.
Wipro then confirmed to the India Times that it had discovered an intrusion and that it had hired an outside security firm to investigate.
KrebsOnSecurity reported that it had heard independently from two trusted sources that Wipro was dealing with a multi-month intrusion from an assumed state-sponsored attacker.
Both of those sources told the security website that Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems.
KrebsOnSecurity had reported that Wipro was in the process of building a ‘new private email network’ after the attackers apparently compromised Wipro’s corporate email system.
Wipro later confirmed the intrusion to India Times (ET).
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro said in a statement. “Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”
“We are leveraging our industry-leading cyber security practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture,” added the Wipro statement.
“We have also retained a well-respected, independent forensic firm to assist us in the investigation,” the firm said. “We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”
One security expert has warned that some small service providers have reduced their cybersecurity spending, and this could be dangerous in the months ahead.
“Technology and security providers now dominate the list of low hanging fruits for cyber gangs,” explained Ilia Kolochenko, Founder, CEO and chief architect at web security company ImmuniWeb.
“Acting on a highly competitive and turbulent market, small service providers often have to cut their own cybersecurity costs and often disregard even the fundamentals of data protection,” said Kolochenko.
“Large and wealthy companies have such convoluted and intricate systems all over the world, that it’s virtually impossible to secure them,” he added. “Legacy and shadow systems, third-party infrastructure, cloud and outscoring exacerbate the situation and annihilate data security.”
“It is premature to make any decisive conclusions about the Wipro security incident before the company will conduct a comprehensive investigation,” he concluded.
“I’d not speculate on the rumours and wait for an official statement,” Kolochenko said. “The good news is that the incident was detected and is being remediated, while the vast majority of targeted attacks against trusted suppliers remain undetected and actually represent a time bomb.”
Do you know all about security? Try our quiz!