APRIL 20, 2019
KrebsOnSecurity founder Brian Krebs on Friday reported security breaches by attackers at Wipro's competitors, namely Infosys, Cognizant and Capgemini, in which their email systems were targeted in an apparent criminal hacking scheme related to gift card fraud. This comes after the blog broke the news of a cybersecurity breach at Wipro.
“Crooks responsible for launching phishing campaigns in computer systems of Wipro last month appear to have targeted a number of other competing providers,” Krebs’ blog post added.
The same attackers who broke into Indian outsourcing giant Wipro last month also likely targeted competitors Infosys and Cognizant, along with a number of retail, financial and consulting companies https://t.co/bFwrdeHpHx The attackers seem focused on gift card fraud. pic.twitter.com/AQLjrCYBMf
– briankrebs (@briankrebs) April 18, 2019
Capgemini’s internal security operations center (SOC) detected and monitored suspicious activity that occurred between March 4 and March 19 and showed patterns similar to the attack faced by Wipro. The company took immediate remedial action and added, “There has been no impact on us, nor on our clients to date.”
Infosys, however, said that a thorough analysis of the indicators of compromise it received from its threat intelligence partners showed there was no breach in its network, according to the statement quoted in Krebs’ blog.
As per Krebs’ blog post on Monday, Wipro’s trusted networks and systems were being used to launch cyber attacks against Wipro’s customers. The attack was focused on perpetrating gift card fraud. Wipro had acknowledged the attack and launched a forensic investigation to look into it.
In its recent post about the breach, the blog listed a number of malicious phishing domains and stated that they were all connected to an Internet address at a well-known bulletproof hosting company in Russia called KingServers.
As per the blog, subdomains suggested the attackers may also have targeted American retailer Sears; Green Dot, the world’s largest prepaid card vendor; payment processing firm Elavon; hosting firm Rackspace; business consulting firm Avanade; IT provider PCM; and French consulting firm Capgemini, among others.
Updated Thursday’s story about the Wipro breach to include comment from multiple firms similarly targeted. Two of the targets said they’d had employees phished but that they responded to the incidents before the attackers could do more damage. https://t.co/YC0WE74dhe
– briankrebs (@briankrebs) April 20, 2019
Wipro has not yet confirmed whether the investigation is complete. The billion-dollar company denied the report in Krebs’ blog post that it was subject to a systematic attack ‘over months’ and said it was a ‘zero-day attack’, a term for a cyber attack or exploit that occurs on the same day a weakness is discovered in software and for which no patch has yet been put in place to counter it effectively.
Citing anonymous sources, the story published on KrebsOnSecurity reported that the attack compromised more than 100 Wipro systems and installed ScreenConnect, a legitimate remote access tool, on all of them. The attackers also searched their systems for specific phrases related to gift cards, and for clues about security systems the retailer was using.
The attackers' pattern shows that they targeted companies that indirectly had access to a significant amount of third-party company resources, and/or companies that could be abused to conduct gift card fraud. The attackers appear to be after anything they can turn into cash fairly quickly.
Courtesy/Source: Business Today