- Wipro admits IT systems breach, claims that phishing actors compromised a few of their employee accounts.
- Different sources, however, report that the incident is far more severe and that the attackers had long-term access to Wipro’s network.
- This comes in a troublesome period for the company’s business, as well as during security system policy transitions.
Wipro Ltd, the Indian IT consulting and business process services provider, has succumbed to media pressure and admitted that the rumored breach is indeed real. KrebsOnSecurity was the first to report that Wipro is in the midst of an internal investigation, following a hacking incident that targeted their IT systems. Wipro preferred to stay silent on the matter for more than 24 hours, but they have finally released a statement acknowledging it. According to the statement, they detected abnormal activity on their network last week, and this is now attributed to the actions of phishing actors who targeted a few of their employees.
Wipro Statement: pic.twitter.com/Z7bPKpzJtC (Wipro Limited, @Wipro, April 16, 2019)
Wipro justifies the relative tardiness of their official response by highlighting the number of security incidents that they are called to investigate on a yearly basis, which reaches 4.8 million. The company states that they have employed a well-respected independent forensic firm to assist them in the investigation, and since no further details have been disclosed yet, we will deduce that it is still ongoing. However, KrebsOnSecurity, which revealed the incident, describes a large-scale problem that goes well beyond the claims made by Wipro about the compromise of the accounts of a few employees.
According to unconfirmed sources, there appear to be at least another 11 companies that were attacked in the same context. When the attacks were traced back, they all pointed to Wipro’s network. As it seems, the attackers compromised it and leveraged its infrastructure to conduct their activities. It is also rumored that the malicious actors have had access to Wipro’s corporate email systems for quite some time already and that the company is in the process of setting up a new private email network from scratch.
Wipro has already been going through hard times since last year, with large-scale projects in Nebraska getting canceled in the middle of the work and a $75 million lawsuit settlement paid to the US National Grid, which received a poorly constructed SAP from the IT company in 2018. With the company having a presence all around the world, the damage from this incident could be global, affecting even Fortune 500 companies. Right now, Wipro is consulting their customers about the indicators of compromise, and since the investigation is still ongoing, nothing else can be presumed.
In February, Wipro’s new Chief Information Security Officer, Sridhar Govardhan, shared his view on what he called a “friction-less security approach”. This basically means maintaining adequately robust security on all operational levels while at the same time taking away the things that slow down a business. Smart deployment of protection measures only where and when needed is definitely a business enabler, but in the process of implementing their friction-less security, Wipro may have made a serious mistake.