Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Cisco Partner Summit Digital 2020 HPE Zone The Business Continuity Center Enterprise Tech Provider Masergy Zenith Partner Program Newsroom Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom Lenovo GoChannelFirst The IoT Integrator NetApp Data Fabric Intel Tech Provider Zone

‘Nobody Is Safe’ As Huge Solution Providers Like DXC Join Smaller MSPs Hit With Ransomware

‘These groups are making billions … They have the money to ramp up their operations in terms of their scale and sophistication. It is inevitable that they will have more success with bigger targets,’ Brett Callow, threat analyst with Emsisoft tells CRN.

Back 1 ... 3   4   5   6  
photo

Wipro

Hackers hijacked an instance of ConnectWise Control to attack Bengaluru, India-based IT outsourcing giant Wipro and seed ransomware into their network of thousands of customers in April 2019.

The multi-month intrusion from a state-sponsored hacker, was first reported by KrebsOnSecurity. The respected tech blogger said that Wipro's systems were used as a jumping off point for exploits targeting at least a dozen client systems.

Wipro's customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro's network, according to KrebsOnSecurity. File folders found on the intruders' back-end infrastructure were named after various Wipro clients, a source told KrebsOnSecurity, and suggest that at least a dozen companies were attacked.

ConnectWise Chief Product Officer Jeff Bishop later told CRN that a highly publicized breach of IT outsourcing behemoth Wipro appears to be a "legitimate use" of the ConnectWise Control remote support and remote access tool.

Bishop said his understanding of the Wipro breach is that the Control product wasn't hacked or accessed improperly. Instead, Bishop said the hackers were supposedly authenticating through a legitimate instance of the remote control machine.

Specifically, Bishop said the reports indicate somebody gained access to Wipro's network and was able to deploy agents without having to contact, inform or ask anyone. In order to deploy an agent on a machine, Bishop said, the adversary would either need to have full access to the network, or contact the person sitting on the machine and convince them to install the agent.

 
 
Back 1 ... 3   4   5   6  

sponsored resources