Wipro’s public response so far:
- Ignore reporter’s questions for days and then pick nits in his story during a public investor conference call.
- Question the stated timing of breach, but refuse to provide an alternative timeline.
- Downplay the severity of the incident and characterize it as handled, even when they’ve only just hired an outside forensics firm.
- Say the intruders deployed a “zero-day attack,” and then refuse to discuss details of said zero-day.
- Claim the IoCs you’re sharing with affected clients were discovered by you when they weren’t.
The source said a subsequent phishing campaign between March 16 and 19 netted 22 additional Wipro employees, and that the vendor investigating the incident has so far discovered more than 100 Wipro endpoints that were seeded with ScreenConnect, a legitimate remote access tool sold by Connectwise.com.
Additionally, investigators found at least one of the compromised endpoints was attacked with Mimikatz
The source also said the vendor is still discovering newly-hacked systems.
https://krebsonsecurity.com/2019/04/how-not-to-acknowledge-a-data-breach/
No comments:
Post a Comment