How stealth, persistence allowed Wipro attacker to plunder supply chain

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.Related: Marriott suffers massive breachWe now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor. What’s more, the attackers reportedly were able to use Wipro as a jumping off point to infiltrate the networks of at least a dozen of Wipro’s customers.Wipro issued a media statement, via its Economic Times division, acknowledging “potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign .