Indian IT services company, Wipro, recently sensed some abnormal activity in a few employee accounts on its network, owing to an advanced phishing campaign. The cyber attack was first reported by a blog. Expressing concern over its employee accounts being compromised, the Company has already begun investigating the issue with the help of a forensic organisation, and is also looking at ways to control any adverse potential impact.
A cyber security blog, KrebsOnSecurity, revealed that Wipro’s systems had been penetrated and the data was being misused to attack its clients. The blog also stated that not less than a dozen clients’ systems were being targeted through the Company’s systems. According to the blog Wipro’s internal e-mail system had also been compromised, but the Company denies this.
The cyber attack was described as a ‘zeroday attack’, that is, an attack on the very day that a software weakness is detected. Such an attack makes it difficult to fix the breach.
However, the COO of the Company has assured that the breach will have no adverse effect on the financials, and that steps had been taken to rectify the situation and mitigate the impact, if any.
The Company also maintains that the breach will not have any legal ramifications. The chief information security officer of the Company has alerted the clients with whom the employees in question were associated, but is regularly in touch with them to resolve issues if any.
Wipro is working on improving its security practices, and is constantly monitoring the enterprise and its systems.