Leading IT Firms Say They’ve Beefed Up Security But Deny Data Breach
Software services giants Infosys Ltd. and Cognizant said they have not observed any data breach and they remain vigilant against cyber attacks that appear to be targeting technology players.
Yesterday, cybersecurity blog KrebsOnSecurity, which had also reported a breach in Wipro Ltd.’s system last week, noted that other IT firms were targetted by the same hackers. “The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests,” the blog run by American journalist Brian Krebs said. “The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.”
When contacted, Infosys in an emailed statement said the company has not observed any breach of its network based on its monitoring and threat intel. “This has been ascertained through a thorough analysis of the indicators of compromise that we received from our threat intelligence partners,” Infosys said. “We continue to strive to improve our security posture and have deployed an advanced threat protection solution to protect the company’s email gateways, endpoints and network.”
Infosys said the company is also working with its threat intelligence partners to get more information on attack vectors and threat actors to further strengthen its IT and cybersecurity controls.
A Cognizant spokesperson said since the criminal activity first surfaced earlier this week, the company’s security experts took immediate and appropriate actions including initiating a review. “While our review remains ongoing, we have seen no indication to date that any client data was compromised. It is not unusual for a large company like Cognizant to be the target of spear phishing attempts such as this. The integrity of our systems and our clients’ systems is of paramount importance to Cognizant,” the spokesperson said.
The spokesperson added that the company continuously monitors, updates and strengthens its systems against unauthorised access and has put additional protocols in place related to this specific industry-wide incident.
Earlier this week, KrebsonSecurity had first reported that Wipro's systems had been breached and were being used to launch attacks against some of its clients. Wipro had then confirmed that it had been subjected to an “advanced phishing campaign” that affected a few of its employee accounts.
On Tuesday, said a few of its employee accounts were affected in the breach but the company has taken remedial steps to contain and mitigate any potential impact.
The Bengaluru-based company has also retained an independent forensic firm to assist the company in its investigation of the matter.