Wipro CEO Abidali Neemuchwala has claimed the IT outsourcing giant was able to detect and respond “quite fast” to a security breach that used Wipro’s network as a launch pad for bad actors to carry out attacks against its own customers
At the same time, Neemuchwala called the original KrebsOnSecurity report yesterday “not entirely accurate” though he did not say what was wrong with it.
“We were able to detect and respond to this quite fast and we’ve had some customers appreciate it,” said Neemuchwala. “I can understand a lot of customers are anxious about it because what came in the (KrebsOnSecurity) blog, as you can expect is not entirely accurate, but we are responding to customers.”
Customers found to be at risk have already been contacted, Neemuchwala said.
“Now since it is out in the media we are talking to all the customers to avoid their anxiety...They appreciate what we’ve done,” he said.
Another Wipro executive told analysts that the attack involved “a few of our employee accounts” who were subjected to “an advanced phishing campaign.” The executive said the accounts were isolated and immediate steps were taken to contain “this incident” and mitigate “any potential attacks.”
The executive said Wipro informed a “handful” of customers and they continue to monitor their network through advanced threat mechanics
The Indian IT outsourcing company is reportedly the victim of a months-long intrusion from a state sponsored cyber attack, two sources told KrebsOnSecurity. Both sources said that Wipro’s systems were used to target at least a dozen of its own client’s systems. Wipro did not address whether the security breach was a nation -state attack.
According to KrebsOnSecurity, Wipro’s own customers traced suspicious network activity back to partner systems that were in direct communication with Wipro’s network. File folders found on the intruders' back-end infrastructure were named after various Wipro clients, a source told KrebsOnSecurity, and suggest that at least a dozen companies were attacked.
Wipro is currently in the process of building out a new private email network because the intruders were believed to have compromised the company's corporate email system for quite some time, another source told KrebsOnSecurity. The company is now telling concerned clients about specific "indicators of compromise," or clues that might signal an attempted or successful intrusion.
In an interview with CRN recently, Wipro Digital President Rajan Kohli identified cybersecurity as one of the company's four main areas of investment thanks to the increased connectivity and digitization of networks. Specifically, Kohli said that a lack of integration between established security products means that customers end up with a lot of data, but very little actionable insight.
"We’re building those dashboards, and building that glue that bind these various products, and helps clients make an actionable insight," Kohli said. The time to response becomes very critical to cybersecurity."