India's Wipro investigating potential breach of some employee accounts

guest · Apr 16, 2019

India's Wipro investigating potential breach of some employee accounts
April 16, 2019
https://www.reuters.com/article/us-...reach-of-some-employee-accounts-idUSKCN1RS0B0

Indian IT services firm Wipro Ltd said on Tuesday some of its employee accounts may have been hacked due to an advanced phishing campaign and that the company had launched an investigation to contain any potential impact.

The Bengaluru-based company was responding to a Reuters query after cyber security blog KrebsOnSecurity said Wipro’s systems had been breached and were being used to launch attacks against some of its clients.
KrebsOnSecurity, citing anonymous sources, said Wipro’s systems were being used to target at least a dozen customer systems.

“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign,” Wipro said in an emailed statement.
Click to expand...

KrebsonSecurity: Experts: Breach at IT Outsourcing Giant Wipro

ronjor · Apr 17, 2019

How Not to Acknowledge a Data Breach

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.
Click to expand...

https://krebsonsecurity.com/2019/04/how-not-to-acknowledge-a-data-breach/

ronjor · Apr 18, 2019

Wipro Intruders Targeted Other Major IT Firms

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.
Click to expand...

guest · May 1, 2019

Wipro Threat Actors Active Since 2015
May 1, 2019
https://www.flashpoint-intel.com/blog/wipro-threat-actors-active-since-2015/

As more layers of the Wipro breach are peeled away, new intelligence about the actors behind the attack on one of India’s largest IT outsourcing and consulting organizations has emerged. Evidence uncovered by Flashpoint researchers links the threat actors to other malicious activity dating back to 2017, and possibly 2015, as well as the re-use of infrastructure from those older attacks.

Also, many legitimate security applications were abused during this campaign. For example, the phishing templates used to ensnare victims inside Wipro match those provided by a security awareness training provider.
Wipro has yet to publicly share any further details about the breach, which was made public April 15.
Click to expand...

guest · May 8, 2019

Lucy Security Simulated Phishing Template Used In Wipro Breach
May 7, 2019
https://www.mediapost.com/publicati...rity-simulated-phishing-template-used-in.html

Hackers “downloaded and copied a simulated phishing template, as part of their attack, using their own code and servers to deliver the attacks,” states Colin Bastable, CEO of Lucy Security.
Bastable adds, however, that “there is no evidence that hackers used Lucy software, other than using the template design.”

The templates are designed so that “legitimate users can expose their co-workers and clients to realistic but simulated phishing and social engineering attacks,” Bastable notes.
He continues that “clearly we would prefer that it was not used in this fashion."

Lucy Security founder Oliver Münchow states: “This breach demonstrates the need for training; organizations can’t rely solely on malware detection software or firewalls or hardware defenses.”
Click to expand...

guest · Jun 26, 2019

Wipro wasn't a one-off: Same hacking crew targeted scores of firms, big and small – researchers
June 26, 2019
https://www.theregister.co.uk/2019/06/26/wipro_hack_crew_much_bigger_operation_riskiq

RiskIQ said it had “identified at least five distinct attack campaigns based off analysis of the actor-owned infrastructure,” having analysed “both Passive DNS and SSL certificate data”.
Targeted companies included Western Union, Moneygram, Rackspace, Capgemini, Wipro, Staples, Costco, Expedia, Virgin Pulse, Messagelab and Sendgrid.

Templates from a Lucy counter-phishing training product were identical to those used by the Wipro attackers, according to RiskIQ, which said in its report:

Lucy comes with a variety of default phishing templates, and one of these templates was used during most of the phishing campaigns – including the now notorious Wipro case."
Click to expand...

RiskIQ: Meet the ‘Gift Cardsharks’ Behind the Massive Campaign Targeting Victims with Commercially Available Tools

Log in or Sign up

India's Wipro investigating potential breach of some employee accounts

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

Log in or Sign up

India's Wipro investigating potential breach of some employee accounts

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

Useful Searches