Violation of IT Outsourcing Giant Wipro – Krebs on Security

Indian IT outsourcing and consultant giant Wipro Ltd. [NYSE:WIT] investigates reports that their own IT systems have been hacked and used to launch attacks on some of the company's customers, says several sources KrebsOnSecurity. Wipro has refused to answer questions about the alleged incident.

Earlier this month, KrebsOnSecurity heard independent of two trusted sources that Wipro – India's third largest IT outsourcing company – was dealing with a multi-year intrusion from an alleged state-sponsored attacker.

Both sources, who spoke because of anonymity, said that Wipro's systems were seen to be used as jumping points for digital fishing expeditions targeting at least a dozen Wipro customer systems.

Security Experts said Wipro's customers are tracing malicious and suspicious network reconnaissance activity back to partner systems that communicate directly with Wipro's network.

9. April, KrebsOnSecurity reached out to Wipro for comment. It led to an email on April 1[ads1]0 from Vipin Nair Wipro's communication head. Nair said he was traveling and needed a few days to gather more information before receiving an official response.

On Friday 12. April, Nair sent a statement that did not confirm any of the questions. Wipro was asked for an alleged security incident that involved attacks against his own customers.

"Wipro has a multi-layer security system," the company wrote. "The company has robust internal processes and a system of advanced security technology in place to detect phishing attempts and protect itself against such attacks. We constantly monitor our entire infrastructure with increased alertness to handle any potential cyber threat."

Wipro has did not respond to several more requests for comment. Since then, two sources of knowledge of the study have come to confirm the sketches of the event described above.

A source familiar with forensic investigation at a Wipro customer said that at least 11 other companies appeared to be attacked, as evidenced by file folders found on the intruder's back-end infrastructure named after various Wipro client. That source refused to mention the other clients.

The other source said that Wipro is now building a new private email network because the intruders were believed to have compromised Wipro's email system for a while. The source also said that Wipro now tells worried clients about certain "compromise indicators", telltale clues about tactics, tools, and procedures used by the wicked who can mean a tried or successful burglary.

Wipro says it has more than 170,000 employees helping customers across six continents with Fortune 500 clients in health, banking, communications and other industries. In March 2018, Wipro said it passed the $ 8 billion mark in annual IT services.

The apparent breach comes in the middle of changing fortunes at Wipro. On March 5, the state of Nebraska suddenly interrupted a contract with Wipro after spending $ 6 million with the company. In September 2018, the Nebraska Health and Human Services Department issued a resignation letter to Wipro, ordering it to stop the upgrade of the state's Medicaid registration system and leaving the state offices. Wipro now sues Nebraska and says that the project was on schedule and on budget.

In August 2018, Wipro paid $ 75 million to settle a lawsuit over a botched SAP implementation allegedly costing the National Grid United States hundreds of millions of dollars to fix.

Another curious, just random development: On April 4, 2019, India's government sold "enemy" shares in Wipro worth around $ 166 million. According to this article in The Business Standard enemy shares are so-called because they were originally held by people who migrated to Pakistan or China, and no longer Indian nationals.

"A total of 44.4 million shares, held by the manager of Enemy Property for India, were sold to Rs 259 each at Bombay Stock Exchange," The Business Standard reported. "The buyers were state-owned Life Insurance Corporation of India (LIC), New India Assurance and General Insurance Corporation. LIC"

Wipro is expected to announce its fourth quarter earnings report on Tuesday, April 16 (PDF).

Tags: Wipro data breach

You can jump to the end and leave a comment. Pinging is currently not allowed.

Source link

Back to top button

mahjong slot