TOP IT FIRMS UNDER THREAT OF CYBERATTACK
20, Apr 2019
Why in News:
- Criminals may be targeting Infosys and Cognizant, after Wipro, says security website Krebs on Security
- India’s leading tech players may be under serious threat from cyber criminals, according to cybersecurity investigation website KrebsOnSecurity.com.
- The website is run by former Washington Post staffer and cybersecurity writer, Brian Krebs. A fresh post on the website said the criminals responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, as per new evidence available
- with the website. It appears the attackers in this case are targeting companies that in one form or another have access to either a tonne of third-party company resources, and/or companies that can be abused to conduct gift card fraud.’’
- Cognizant’s spokesperson from the U.S. told The Hindu: “We are aware of reports that our company was among many other service providers and businesses whose email systems were targeted in an apparent criminal hacking scheme related to gift card fraud.
- Since the criminal activity first surfaced earlier this week and following reports that another service provider’s email system was allegedly compromised, Cognizant’s security experts took immediate and appropriate actions including initiating a review.”
- It is not unusual for a large company like Cognizant to be the target of spear phishing attempts such as this. Infosys, in a statement said: “Infosys would like to assure all our stakeholders that we have not observed any breach of our network based on our monitoring and threat intelligence. This has been ascertained through a thorough analysis of the indicators of compromise that we received from our threat intelligence partners.”
- In addition, we are working with our threat intelligence partners to get more information on attack vectors and threat actors to further strengthen our IT and Cyber security controls,’’
- It is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
- Phishing email will direct the user to visit a website where
- they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has.
- The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions of recipients.
By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.