Phishing/Smishing

2019 PHISHING ATTACK ON WIPRO

• In April 2019, WIPRO detected abnormal activities on some of its
employee accounts due to an advanced phishing attack.

• The WIPRO systems were being used as the originating point for
digital phishing activities that targeted the customer systems.

• Cloud hopper (a Chinese APT) was being considered as the prime

suspect behind the activity.

• The company’s stock declined by 2% after the attack.

• This incident came after the National Counterintelligence and

Security Center launched a campaign to educate businesses about
the risks of cyberattacks in January 2019.
Dissecting the attack
• Malicious activity has been tracked to the systems communicating
with corporate email network
• Few employees account were subjected to persistent phishing and
used to communicate with customers
• Attackers used ConnectWise Control a 3rd party remote support
system to connect.
Steps taken up by Wipro to mitigate the attack
• Wipro started leveraging industry-leading cybersecurity practices and
planning to implement advanced threat intelligence platforms
• Collaborated with independent forensic firm to assist in the investigation
• Increased level of alertness to monitor the enterprise and infrastructure
Threat intelligence platform: (Open source and commercial)
• Checks SSL certificates, host infrastructure and identifies vulnerabilities
• Implement an automated process which reads any information about the
email campaign and sends to the email handling security team
What is Phishing?
• Phishing is a cybercrime in which scammers sends a malicious email to
individuals or mass users of organization by impersonating a known
individual/business partner/service provider.
• It opens the doors for attackers to enter your system and access
confidential data to misuse it or sell it.
• Once phishers get control over devices, they can send the emails to other
people connected to the server.
• SMiShing -> the user is targeted by using sms alerts.
• Most common forms are email spoofing, mass target, url phishing, popup
messages, etc.
Other phishing cases
• Operation Phish Phry
• Walter Stephan
• The Target/FMS Scam
• The Ukranian Power Grid Attack
• The Moscow World Cup Vacation Rental Scam
How to avoid Phishing?
• Check the sender details – confirming the identity through human efforts – or
by enabling a third-party solution for anti-phishing protection in your
organization

• Hover over any link in the email to see the landing page before clicking on it

• Delete unwanted/suspicious emails

• Don’t click on suspicious links

• Up-to-date browser works as an extra security layer from these types of

phishing attacks.
https://youtu.be/hT019N7fdw4
Thank You!