What Data Center Managers Can Learn from the Wipro Phishing Attack
It starts with training, but there’s a lot more.
April 17, 2019
India-based technology giant Wipro, which offers a "boundaryless data center" among its services, has fallen victim to a phishing attack that may have led to attacks on its enterprise customers.
Wipro confirmed it had been attacked to Data Center Knowledge, a company spokesperson saying, "We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign."
The company has retained a "well-respected, independent forensic firm" to assist in the investigation, the spokesperson said, and is taking steps to "contain and mitigate any potential impact."
The company did not respond to questions about how customers were affected, and what they should be doing to protect themselves.
Wipro isn't the only tech giant susceptible to phishing.
According to Verizon's latest data breach investigations report, an average of 4 percent of people will fall victim to a phishing campaign. While this is down from 11 percent in 2014, attackers only need one person to let them in.
In addition, according to Verizon, 13 percent of all reported data breaches started with phishing, and 92 percent of all malware arrived via email.
"Data centers should prioritize security awareness training for their employees as highly as they prioritize standard practices like patch management," said Bill Siegel, cofounder and CEO at security vendor Coveware.
Once an attacker gets a foothold, even the biggest technology vendors are vulnerable.
"In the Wipro case, it appears phishing was used to gain network access using the compromised credentials of the employee that clicked a malicious link," he said. "It is likely that the attackers used this initial access to subsequently harvest administrative credentials."
After getting those, attackers would basically have free rein on a company's networks.
In Wipro's case, according to reports, at least eight of Wipro's customers were attacked as a result of the breach.
According to Coveware, phishing was also the attack vector in 30 percent of all ransomware cases during the first quarter of this year.
Ransomware attacks can be particularly devastating for data centers if customer data is lost. In addition, data centers can incur substantial costs in rebuilding systems and restoring data, as well as paying the ransom itself. And then there's the downtime while the data center recovers from the attack.
But people don't just randomly fall for phishing attacks.
According to Verizon, 78 percent of employees don't click on a single phishing email all year. What do they know that the rest of us don't? They know how to spot a phishing email -- and that's a skill that can be taught.
In addition, there are other steps data centers can take to protect their systems, including anti-phishing and anti-malware filtering for their email systems.
"Consider desktop hardening, continuous monitoring for network anomalies, privilege segregation, and four-eyes principle when accessing particularly sensitive data," said Ilia Kolochenko, CEO at ImmuniWeb, a Switzerland-based security vendor.
Security teams should also pay attention to the lateral movements available to attackers, said Mark Weiner, chief marketing officer at Balbix, a San Jose-based security vendor.
"Additional network segmentation or access control could have been in place to minimize or contain the adversary's actions," he said.
Even with all that in place, some phishing attacks may still get through.
"Where there are people, there is potential for a successful phishing attack," said Colin Bastable, CEO at Lucy Security, an Austin-based cybersecurity vendor.
And if the attack is against a vendor, those people might be outside your control, he added. "A trusted partner can easily become a Trojan horse."
So, what can you do? Plan for the worst.
"The message for data center managers is to have a remedial plan ready to execute in the event of a phishing attack being discovered, and to assume that a phishing attack will succeed in compromising data security," he said.
About the Author
You May Also Like