In the wake of Wipro data breach, Nasscom monitoring cyber threats to IT industry

“Security threat ecosystem is increasingly getting sophisticated, advanced and targeted, with many state and non-state actors seen launching such campaigns. It demands an advanced level of preparation and investigation abilities. The industry has taken this instance seriously and carrying out thorough investigations, taking into consideration of all indicators of the attack,” Nasscom said in a statement shared with CNBC-TV 18.

“NASSCOM, through Data Security Council of India, is in touch with members and closely monitoring the development,” it added.

Investigative journalist Brian Krebs in his blog last week had said that Wipro's systems had been targeted in a phishing attack, which seemed to have also impacted at least a dozen clients of the company. The journalist went on to highlight more such instances of phishing attempts in other IT companies such as Infosys, Capgemini and Cognizant.

Wipro confirmed that it had detected 'abnormal activity' two weeks ago and told CNBC-TV18 on Monday that it is working with multiple partners in the security domain 'who have an understanding of operations' to expedite the investigation process.

“About two weeks ago, we detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign.  We began an investigation as soon as we learnt about the incident, quickly identified the affected users and took remedial steps to contain and mitigate any potential impact. As a responsible partner and in line with our standard protocol, we immediately and proactively informed the few customers with whom these employees were engaged," the company said in a statement.

“We have engaged an independent forensic firm to assist us in the investigation. Also, we are working with multiple partners who have an understanding of our operations, which we believe will help expedite the investigation process,” the company added.

Paris-headquartered Capgemini said it detected and monitored suspicious activity between March 4 and March 19, similar to the attack on Wipro. It said that the activity concentrated on a very limited number of laptops and servers, “There has been no impact on us, nor on our clients to date.”

Cognizant said that following reports of the cyber threat, it initiated a review and found no indication that any client data was compromised.

Infosys, which was also mentioned in the blog, said its systems were not breached and that the company was working with threat intelligence partners to strengthen security

Nasscom said Indian IT companies have been taking steps to boost security, including setting up advanced cyber defence operations, deploying APT (advanced persistent threat) defence solutions, carrying out comprehensive threat hunting operations, and active monitoring of dark network activities among others.