Cybersecurity blog KrebsOnSecurity in its latest post KrebsOnSecurity said “the crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests”.
It further stated that the “fairly experienced crime group” is focused on perpetrating gift card fraud.
Earlier this week, KrebsonSecurity had first reported that Wipro’s systems had been breached and were being used to launch attacks against some of its clients. Wipro had then confirmed that it had been subjected to an “advanced phishing campaign” that affected a few of its employee accounts.
When contacted, Infosys in an emailed statement said the company has not observed any breach of its network based on its monitoring and threat intel.
“This has been ascertained through a thorough analysis of the indicators of compromise that we received from our threat intelligence partners. We continue to strive to improve our security posture and have deployed an advanced threat protection solution to protect the company’s email gateways, endpoints and network,” it added.
Infosys said the company is also working with its threat intelligence partners to get more information on attack vectors and threat actors to further strengthen its IT and cybersecurity controls.
A Cognizant spokesperson said since the criminal activity first surfaced earlier this week, the company’s security experts took immediate and appropriate actions including initiating a review.
“While our review remains ongoing, we have seen no indication to date that any client data was compromised. It is not unusual for a large company like Cognizant to be the target of spear phishing attempts such as this. The integrity of our systems and our clients’ systems is of paramount importance to Cognizant,” the spokesperson said.
The spokesperson added that the company continuously monitors, updates and strengthens its systems against unauthorised access and has put additional protocols in place related to this specific industry-wide incident.
On Tuesday, Wipro had said a few of its employee accounts were affected in an “advanced phishing campaign”, and the company has taken remedial steps to contain and mitigate any potential impact.
The Bengaluru-based company has also retained an independent forensic firm to assist the company in its investigation of the matter. SR SID MR MR
News credit : Indiatimes