The Indian information technology consultancy firm Wipro has confirmed to the Economic Times that it is investigating a phishing attack that may have allowed its systems to be used to attack many of its clients.
Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow up attacks on at least 12 of its customers, essentially making this a very prominent supply chain attack.
“We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign. Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact,” Wipro Ltd said in a statement.
Additionally, Wipro said it has retained an outside forensic firm to assist and that it has in house an extensive security apparatus that is working on the problem.
Matan Or-El, CEO of Panorays, pointed out that companies need to check the security level of all third-party vendors, regardless of their size or prominence in the industry.
“For this reason, companies need to develop a security policy and ensure that their third parties – vendors, suppliers, business partners – adhere to it. This is important not only during screening and onboarding of the suppliers, but throughout their whole business relationship, and requires continuous monitoring of the supplier’s digital presence,” he said.
The large number of Wipro customer’s potentially impacted by the breach, which some reports say was on-going for months, will require a serious uptick in their vigilance going forward particularly if the attacker has had time to infiltrate their systems.
“Every Wipro customer should be hyper-aware of the potential of such attacks coming from this previously trusted domain. Employees should be on red alert for any email from this domain until such time as Wipro demonstrates that it’s email system is rearchitected,” said Mark Bower, chief revenue officer and North American general manager at Egress Software Technologies.
Because of the tremendous responsibility Wipro has to its customers Bower and Dan Tuchler, CMO of SecurityFirst, said the company needs to be completely forthright let customers know whether they were using message encryption internally to protect customer emails.
“The increasing complexity and interconnectedness of IT infrastructure makes it harder to protect. Wipro, a firm with broad IT expertise, is a victim and a part of a complex hack against some of their customers, despite extensive security and monitoring measures. This underscores the importance of protecting data where it resides on servers, including encryption, comprehensive key management, and data access policy control. These attacks are not going to stop. Organizations must defend the security of their data,” Tuchler.