An Ounce of Prevention – Cloud Infrastructure Providers as Vectors for Scalable Attacks

The Economic Times reported Wipro as saying “We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign. Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

From the news so far, it seems the intent of the attackers was to use Wipro as a staging ground for attacks on Wipro’s customers, effectively entering through a trusted door. If the Verizon Data Breach Report is any indication the odds are better than 80% that the breach targeted employee and administrative credential compromise as the attack vector of choice.

Some of the most respected brands such as Wipro spend money on the best training for anti-phishing and attack detection in the misguided belief that this is an adequate measure. The fact is that security measures that rely on end-users to make the distinction on a legitimate request vs. a fraudulent one are doomed to failure. Too often, companies like Wipro and their service provider community rely on post-attack detection rather than investing in preventative measures such as phishing-proof authentication such as those based on the FIDO standards.

Ironically, earlier in April, the US National Counterintelligence and Security Center (NCSC) launched National Supply Chain Integrity Month to raise awareness about growing threats to the supply chains of the private sector and U.S. Government.

“Foreign intelligence entities and other adversaries are increasingly exploiting supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, and surveil our critical infrastructure,” said NCSC Director William R. Evanina.

“Bypassing our security perimeters, they’re infiltrating our trusted suppliers to target equipment, systems, and information used every day by the government, businesses, and individuals. The cost to our nation comes not only in lost U.S. innovation, jobs, and economic advantage, but also in reduced U.S. military readiness,” he added.

If we can learn anything from history, it would be that the Wipro attack is the tip of the iceberg. A few years ago, Google was attacked by “Operation Aurora”, a wide-ranging compromise of Google’s systems aimed at altering source-code, infiltrating administrative accounts with the goal of accessing accounts of dissident Chinese activists. Given the increasing reliance on cloud and infrastructure service providers, such attacks will continue to grow because they represent a “scalable” attack vector that involves a large payoff.

We strongly recommend both customers and service providers invest deeply in modern authentication that is phishing resistant, multi-factor, standards based and widely supported as well as proven at scale. The FIDO standards pioneering by Nok Nok Labs are one such essential building block of a preventative approach to security that is needed to mitigate the catastrophic consequences of attacks on providers like Wipro.