Slalom Consulting Thwarts Phishing Campaign That Led To Wipro Breach

Slalom said it detected and prevented phishing attack activity through a combination of advanced security monitoring, security awareness training, and threat intelligence automation.


Slalom Consulting appears to be the first IT service provider targeted in the Wipro campaign to have successfully stopped the hackers from breaching its systems.

The Seattle-based company, No. 37 on the 2018 CRN Solution Provider 500, said it was able to detect and prevent phishing attack activity between March 4 and March 19. That timeframe overlaps with when dozens of Wipro employees and more than 100 of the IT outsourcing giant's computer systems were compromised, according to KrebsOnSecurity.

Slalom said it successfully detected, alerted and prevented an event through a combination of advanced security monitoring, security awareness training and threat intelligence automation, according to a company spokesperson. The advanced security monitoring comes courtesy of the company's around-the-clock Security Operations Center (SOC), according to the $1 billion IT consulting powerhouse.


The company said it verified the thwarted attack through internal forensics and with the support of threat intelligence partners. Slalom employs more than 6,500 people, according to the company, and counts more than half the Fortune 100 and a third of the Fortune 500 as clients.

KrebsOnSecurity first reported last week that the threat actors responsible for launching an advanced phishing campaign against Wipro also went after Avanade, Capgemini, Cognizant, Infosys, PCM, Rackspace, and Slalom. The campaign appears to be perpetrated by a cybercrime group looking to carry out gift card fraud, according to KrebsOnSecurity.

Like Slalom, four of the other named IT service providers indicated that any efforts to target their customers appear to be unsuccessful.

Rackspace said it doesn't have any evidence indicating that there has been an impact to the company's environment, according to a company spokesperson. Infosys stated that it hasn't observed any breach of its network based on its monitoring and a thorough analysis of the indicators of compromise that the IT outsourcing behemoth received from its threat intelligence partners.

Cognizant said a review following media reports of the Wipro breach hasn't found that any client data has been compromised. And PCM said it doesn't have any evidence demonstrating that its customers have been impacted by any incident originating from a compromise of the company's systems.

Conversely, Avanade and Capgemini both indicated that they were impacted by the Wipro campaign. Avanade said that 34 of its employees were impacted in February, though there wasn't any impact to the company's client portfolio or sensitive customer data.

Capgemini, meanwhile, said its internal Security Operations Center (SOC) detected suspicious activity on a "very limited number" of laptops and servers between March 4 and March 19 which showed similar patterns to the attack faced by Wipro. Neither Capgemini nor any of its clients has experienced any impact to date thanks to immediate remedial action, according to the company.

The Rackspace, Infosys and PCM statements neither confirmed nor denied that the solution providers were a target of the threat campaign that compromised Wipro, Avanade, and Capgemini. Cognizant, meanwhile, said it isn't unusual for a large company like itself to be a target of spear phishing attempts such as this.

Slalom has made some investments in security, with the company's DevSecOps offering on AWS allowing customers to deliver secure, compliant, and agile orchestration. Customers can automate provisioning and configuration with existing DevOps tools, and then use Slalom's orchestration pipeline to create new AWS accounts with automated compliance and security requirements built in.