First, the reasonably good news: Wipro's revenue for the quarter ended March 31, 2019 was US$2.2 billion -- up 9 percent from the corresponding quarter last year. Net Income for the quarter was US$359.1 million1, up 37.7 percent from the corresponding quarter last year. The revenue figures were slightly below Wall Street's expectations, but earnings were in-line with analyst predictions, Seeking Alpha reports.
Wipro's financial presentation slides for today's earnings did not mention the alleged hacker attack. But the company is investigating a phishing campaign that apparently breached Wipro's corporate email system “for some time,” according to KrebsOnSecurity. The hackers used Wipro’s network to launch attacks against roughly 11 customers, the report said. Customer names and specific damage information were not reported.
Wipro, at US$8.4 billion in annual revenues for 2018, is India’s third-largest IT outsourcing firm with MSP capabilities. The company has roughly 160,000 employees across six contents. Key rivals include Tata Consultancy Services, Infosys, HCL Technologies and Tech Mahindra, among others.
Hackers Target MSPs, MSSPs, IT Consulting Firms
This is the latest in a growing list of island hopper hacker attacks that specifically target MSPs and IT consulting firms as potential doorways into end-customer systems.
According to MSSP Alert, earlier MSP-related attacks involved:
- GandCrab ransomware targeting MSPs and their end-customers.
- The APT10 hacker group hitting a major MSP.
- A U.S. Department of Homeland Security warning about hackers targeting MSPs and CSPs.
In response, MSPs and MSSPs worldwide have been locking down their RMM (remote monitoring and management) software platforms with the latest software patches, double-checking network access settings, rolling out security awareness training, and double-checking business continuity plans to ensure backup and recovery systems will stand tall following potential ransomware attacks.
Moreover, MSPs and MSSPs have been rolling out multi-layer security systems — including next-generation endpoint protection, network and cloud services that often detect and eliminate phishing emails before they can reach users.