Bengaluru: Wipro Ltd’s admission on Tuesday that it is investigating a phishing attack on its computer systems is the latest high-profile cyber attack on a big technology firm. It won’t be the last.
The software services company confirmed a report by KrebsOnSecurity on the attack and said it has hired an independent forensics firm to assist with the investigation. The report had said attackers had used Wipro’s employee accounts to target its customers over several months.
“We identified and isolated those employee accounts, and already took remedies; we have also shared intelligence with partners for preventing such incidents. We also informed a handful of our customers, as a standard practice," a Wipro spokesperson said. “We will continue to monitor our infrastructure."
A day earlier, security researcher John Page had shown that hackers can use an unpatched exploit in the Internet Explorer browser to both spy on Windows users and steal data from their computers. In fact, email accounts across Microsoft’s Outlook, Hotmail and MSN services remained vulnerable for almost three months from 1 January to 28 March, even as Microsoft said that only a “limited" number of people had their accounts compromised in the breach.
As the world gets increasingly online, individuals, companies and governments are becoming hot targets for hackers. Wipro and Microsoft are simply cases in point.
In India alone, 76% organizations were hit by online attacks in the last year, compared to 68% across the globe, according to a survey by security firm Sophos released early last month. The survey added that 97% of IT managers admitted that security expertise is one of the greatest issues in India. It also found that, on an average, Indian organizations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them.
The Wipro spokesperson said that the company received 4.8 million alerts from its cybersecurity team on potential breaches in its systems in the last fiscal year.
On 13 March, security firm Seqrite, the enterprise arm of Quick Heal Technologies, said it detected close to 50 million threats targeting enterprises in the second half of 2018. This translates to around 186 detections every minute. These detections included known and unknown threats such as crypto-jacking, ransomware, trojans, exploits, worms, infectors, potentially unwanted applications and ad-ware. Further, commercial spyware programmes called stalkerware run in the background on phones; these can be used to monitor and track device activity.
Seqrite researchers identified the IT/ITeS (IT-enabled services) industry as the most targeted sector, accounting for 27.8% of all malware detections. The professional services sector was second with a detection share of 24.4%, while manufacturing (17.7%) and education (11.1%) were also identified as at-risk industries.
Malware creators, according to the report, can leverage loopholes in data-intensive sectors such as healthcare, financial services and cloud services. There’s also the possibility of advanced persistent threats being deployed against specific nation-states, large organizations, government agencies and law enforcement systems, the report concluded.
To be sure, it’s not that companies are ignoring the issue. While Wipro has hired an independent forensics firm to investigate the reported breach, Infosys has said it is planning to open a cyber defence centre in Bucharest “this summer".
Newer threats, meanwhile, continue to emerge. Seqrite researchers detected more than 15,000 crypto-jacking hits a day on an average, totalling over 2.76 million detections. In crypto-jacking, hackers use compromised computers to mine cryptocurrency. Further, with more than 2,000 detections on a daily basis, ransomware—used by hackers to block a victim’s access to accounts in exchange for payment—remained one of the most persistent threats deployed by cybercriminals.
Healthcare companies are major concern. Through new software, companies have developed voice tools capable of handling patient information covered under the US Health Insurance Portability and Accountability Act.
Adam Levin, founder of cybersecurity firm CyberScout and author of Swiped, said in a 10 April press release: “Alexa is now making house calls and a treasure trove of medical data is being stored by this virtual assistant with major privacy and security implications. PHI or protected healthcare information is a prime target for hackers who can use the data in a host of identity theft schemes or sell it on the dark web. There have already been reports of Alexa going rogue and recording private conversations and then sharing that information with contacts. What if the device shared confidential medical data?"
These new technical advances may make our lives easier, acknowledges Levin, but cautions that as we see a greater pivot to privacy with the European Union's General Data Protection Regulation and the fact that breaches have become a certainty, “convenience should never trump consumer privacy and security".
As cybercriminals employ automation and machine learning to propagate attacks, security organizations need to do the same to combat these advanced methods, say experts.
Salman S.H. from Bengaluru contributed to the story.