Security Newsletter

29 April 2019

Breach at IT Outsourcing Giant Wipro

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Both sources, who spoke on condition of anonymity, said Wipro’s systems were seen being used as jumping-off points for digital fishing expeditions targeting at least a dozen Wipro customer systems. The security experts said Wipro’s customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network.

One source familiar with the forensic investigation at a Wipro customer said it appears at least 11 other companies were attacked, as evidenced from file folders found on the intruders’ back-end infrastructure that were named after various Wipro clients. That source declined to name the other clients. The other source said Wipro is now in the process of building out a new private email network because the intruders were thought to have compromised Wipro’s corporate email system for some time. The source also said Wipro is now telling concerned clients about specific “indicators of compromise,” telltale clues about tactics, tools and procedures used by the bad guys that might signify an attempted or successful intrusion. Wipro says it has more than 170,000 employees helping clients across six continents with Fortune 500 customers in healthcare, banking, communications and other industries. In March 2018, Wipro said it passed the $8 billion mark in annual IT services revenue.

 

The Anatomy of Highly Profitable Credential Stuffing Attacks

Credential stuffing attacks are one of today's most prevalent threats to online businesses everywhere. But despite this threat rising on everyone's radar in the infosec community, very little is known about how criminal groups are performing these attacks.

Credential stuffing is a term used by the cybersecurity industry to describe a particular type of automated attack against a website or application's login system. It relies on a hacker taking username-password combos that have been leaked via data breaches at other companies, and attempting to use these leaked credentials in the hope of gaining access to accounts on other sites -- exploiting users' habit of reusing usernames and passwords across multiple online services.

Credential stuffing is a relatively new attack vector and has been fueled by the huge leaks of user credentials that have taken place since 2016, after hacks at LinkedIn, VK.com, Tumblr, Twitter, and many other major platforms. Hundreds of millions of username and password credentials were dumped online in 2016, and other leaks have continued to pop up regularly since then, supplying fresh cannon fodder for criminal gangs to use for their attacks.

Organizations can protect their users by implementing multi-factor authentication (MFA) "which blocks the credential stuffing attack vector" but some of them already confirmed that they "may not be prepared to choose security over convenience." On the other hand, end users can do their part by never using the same password on more than one service, utilizing a password manager to safely store their credentials and generate more complex passwords, as well as turning on two-factor authentication (2FA) for all services that support it.

 

Facebook Could Be Fined Up To $5 Billion Over Privacy Violations

Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that's about one month's revenue for the social media giant.

To be clear the amount of fine is not what the FTC has announced or hinted yet; instead, it's an estimated due that Facebook disclosed on Wednesday in its first quarter 2019 financial earnings report. In its earnings report, Facebook said the company had set $3 billion aside in anticipation of the settlement with the FTC, who launched a probe into Facebook following the Cambridge Analytica scandal.

The FTC launched an investigation into Facebook last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around 50 million Facebook users without their explicit consent.

 

More #News

 

#Patch Time!

 

#Tech and #Tools

Kindred Group is growing, so does the Group Security team! We're looking for new talented professionals to come join us:

• You like to break things, then explain how to fix it? Be part of our Cyber Security team
• You prefer the blue team side? Check out our Security analyst position
• You're into identity and access management? We are looking for an IAM Specialist
• Interested in Governance, Risk and Compliance? Apply for our Information Security Specialist role

Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. You can find all our open vacancies on our career page.

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.