IT outsourcing giant Wipro is conducting a forensic investigation into the motive and modus operandi of the phishing attacks on some of its employees' accounts.
The company's Chief Operating Officer Bhanumurthy BM said: “We came to know of a potentially abnormal activity from our network, which was related to very few employee accounts. These employee accounts were subjected to very advanced phishing activity.” Bhanumurthy BM was addressing the media after the company's fourth-quarter results.
“We have contained the attack. We are conducting forensics, what is the motive and modus operandi and all of that takes time. That is an ongoing activity,” he added.
On April 16, when Wipro was set to announce its financial results, reports of a cyberattack on some of its employee accounts were published on the cybersecurity blog KrebsOnSecurity. The website stated that the intrusion was from a state-sponsored attacker and was targeting at least a dozen Wipro customer systems.
The mail sent to Wipro by KrebsOnSecurity did not elicit a response from the company. Commenting on KrebsOnSecurity’s allegation, Abidali Z Neemuchwala, CEO and Executive Director, said the company cannot comment on what the blog stated and that the company is doing what is needed to contain the attack.
Talking about the steps taken by the company, Bhanumurthy said, “Now like any large enterprise that monitor events, we also investigate. For a year we investigate 4.8 million alerts.”
“Learning about this alert we triggered our standard procedure that is required in such a situation and we began investigating this particular incident,” he added.
The company has identified and isolated the employee accounts that were impacted by this incident. It has also taken the remedial steps required to contain the incident and mitigate any potential effects on its systems.
Saurabh Govil, President and Chief Human Resources Officer, said, “This is what you call a zero-day attack.” This means an attack that targets publicly known but still unpatched vulnerabilities.
“This essentially means that anti-virus is not done. Once you identify we were able to help our partners and coordinate with our partners. We were able to create a signature that we could clean up and monitor our entire enterprise,” Govil added.
The company has used its cybersecurity capability and also collaborated with its partner ecosystem to develop the antivirus signature that is required for preventing such incidents.
“That particular batch we have already rolled out within our enterprise. We have also informed a handful of customers, where these Wipro employees are associated with as a part of our standard protocol,” Bhanumurthy added.
The company will continue to collaborate with its partner ecosystem and use advanced threat intelligence to further enhance its security. “Our internal infrastructure will continue to monitor with a high level of alertness,” he said.
However, the company did not disclose the names or number of customers attacked. It also did not reveal the duration of the investigation.