India-based IT outsourcing company confirms breach
IT outsourcing firm Wipro has hired a security forensics firm to investigate a breach that enabled hackers to use its systems to attack downstream clients.
The Lowdown: Wipro believes hackers penetrated “a few” of its corporate e-mail accounts through phishing attacks. From there, they were to access other systems and, as Krebs on Security reports, attack downstream managed service accounts.
The Details: Despite not initially acknowledging the attack, Wipro says it’s acting expeditiously with internal resources and a third-party incident response specialist to investigate, evaluate, and address the security breach and correct system flaws.
The Impact: The extent of the damage caused by the breach is unknown.
Background: Managed service providers of all sizes are increasingly becoming favorite targets of hackers, as they can be used to access client systems. The volume of attacks against MSPs rose substantially in 2018, although exact figures are inconsistent.
The Buzz: “We’re leveraging our industry-leading cybersecurity practices and collaborating with our partner ecosystem to collect and monitor advanced threat intelligence for enhancing security posture,” Wipro said in statement. “We have also retained a well-respected, independent forensic firm to assist us in the investigation. We continue to monitor our enterprise and infrastructure at a heightened level of alertness.”