Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

The Wipro Breach: A Demonstration of Third-party and Supply Chain Risk

April 18, 2019

Advanced phishing and supply chain vulnerabilities – these seem to be the successful attack vectors that hackers have used to compromise Wipro, an Indian multinational corporation that provides information technology, consulting and business process services. Notable security researcher, Brian Krebs, reports confirmation that a nation-state actor had been inside the company’s systems for months, identifying opportunities to attack its vast customer base – currently, at least a dozen of the firm’s clients have been targeted as a direct result of this breach. Additional sources have claimed that Wipro’s corporate e-mail system had also been compromised for some time, forcing the company to build out a new private system.

Who’s the Bad Guy?

While the attack has not been attributed to a specific group, security researchers note that it bears a resemblance to those launched by the Chinese hacking group APT10 – almost always beginning with a phishing campaign targeted against a third-party partner. The group has a demonstrated history of attacking Managed Service Providers in order to gain access to a larger swath of targets. Last year, the Australian Cyber Security Center blamed APT10 for attacks on at least nine global service providers, and the UK’s National Cyber Security Centre said it is aware of malicious activity currently affecting UK organizations across a broad range of sectors.

Takeaways

The Wipro breach seems to be a textbook case of exactly how not to handle a breach. Refusal to acknowledge and inconsistencies in what they will acknowledge have done nothing but increase not only confusion in reporting on the incident, but also mistrust in the company. Additionally, it highlights how critical it is that organizations properly protect their assets and address the vulnerabilities inherent to human error. Companies must extend beyond robust network security and incorporate systematic employee training, supply chain security assessment and ongoing monitoring, and third-party security, among other methods of defense.

Last October, the FBI warned Managed Service Providers about the increasing occurrence of Chinese hacking groups targeting them specifically.  MSPs have unparalleled access to their clients’ networks, so compromising an MSP can give these groups direct access into dozens, hundreds, or even thousands of businesses and their client data. The number one way attackers penetrate networks is with stolen credentials, according to the alert.

ID Agent provides a robust suite of services to address the risks highlighted in the Wipro breach. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps like those used to infiltrate Wipro’s systems. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.