Wipro hacking eyeopener for Indian firms: Experts


New Delhi,  Cyber security experts on Wednesday raised alarms over the attack on IT bellwether Wipro, saying that no organisation, regardless of its size, is immune from sophisticated cyber criminals in India.

Wipro is currently investigating the hacking into its IT systems which are allegedly being used to launch attacks against some of the company’s customers.

Cyber security blog KrebsOnSecurity first reported the Wipro breach. Citing anonymous sources, it said Wipro’s systems were being used to target at least a dozen customer systems.

“The latest cyber attack on Wipro’s IT systems are deeply concerning — and yet not surprising. The reports suggest that nefarious actors compromised digital identities/credentials of approved users so as to operate within the Wipro network, masquerading as insiders,” Surendra Singh, Senior Director and Country Head, Forcepoint, told IANS.

The global software major on Tuesday reported a Rs 2,494 crore net profit in the fourth quarter of fiscal 2018-19, registering 38 percent annual growth. For fiscal 2018-19, net profit grew 12.4 per cent annually to Rs 9,000 crore.

Revenue from IT services business grew 2.8 per cent annually and 1.4 per cent quarterly to Rs 14,565 crore for the quarter.

The security experts in the KrebsOnSecurity blog said “Wipro’s customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network”.

According to Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Ltd, the incident once again reiterates the fact that no organisation regardless of its size is immune from cybercriminals and should be an eyeopener.

“While we will have to wait to understand the extent of the attack, phishing continues to be the most common vector for cybercriminals purely due to its effectiveness,” Katkar said.

The basic tactic of phishing is to misguide unsuspecting employees into either revealing critical information or clicking on suspicious links which are disguised as coming from a trustworthy source.

“In addition to investing in security solutions, it is equally important for organisations to invest in regular employee training and awareness programmes,” Katkar noted.

Sophisticated attacks are increasingly being launched on enterprises and government agencies to gain access to critical data and intellectual property.

“Traditional security approaches for combating such cyber attacks are no longer effective in today’s digital world. To secure the digital enterprise, CSO/CISOs need to understand who is accessing data and why,” said Singh.

Neelesh Kripalani, Senior Vice President and Head, Center of Excellence (CoE) at IT services provider company Clover Infotech said it is imperative for organizations to stay ahead of the game against the hackers.

“The approach towards cyber security threats needs to be proactive rather than reactive. We recommend implementation of Database Activity Monitoring (DAM) solutions to monitor database traffic for detection and blocking of threats,” he added.