Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cognizant. Show all posts
Social Engineering
Clorox Cognizant Data Breach Lawsuit Social Engineering

Clorox Blames $380M Breach on Service Desk Social Engineering, Sues Cognizant

 

In August 2023, the Scattered Spider group orchestrated a devastating social engineering attack against Clorox that resulted in approximately $380 million in damages, demonstrating how a simple phone call can lead to catastrophic business disruption . 

Modus operandi 

The attackers bypassed sophisticated cybersecurity measures through old-fashioned social engineering, repeatedly calling Cognizant's service desk and impersonating locked-out Clorox employees . Rather than exploiting technical vulnerabilities, they manipulated human psychology, using calm, scripted conversations to convince frontline agents to reset passwords and multi-factor authentication without proper verification . 

According to court filings, the attackers conducted thorough reconnaissance, collecting employee names, titles, recent hires, and internal ticket references to make their impersonation attempts more convincing . The legal complaint alleges that Cognizant agents violated agreed procedures by resetting credentials without properly authenticating callers first . 

Devastating impact 

The breach caused operational paralysis at Clorox, with production systems taken offline, manufacturing paused, and manual order processing implemented . The company experienced significant shipment delays that depressed sales volumes, with the total financial impact reaching roughly $380 million, including $49 million in direct remedial costs and hundreds of millions in business-interruption losses . 

Why outsourcing amplified risk

Outsourced help desks present unique vulnerabilities due to their broad cross-tenant privileges and high-volume workflows that can lead to shortcuts in verification processes . Large vendors handling numerous calls may experience "process drift," where agents prioritize getting users working over strict security verification . Additionally, third-party systems often create visibility gaps, with actions logged in separate systems that aren't fully integrated into customers' security monitoring . 

Defense recommendations 

Security experts recommend treating help-desk resets as privileged operations requiring out-of-band verification through company-owned phone callbacks or emailed tokens . High-risk resets should mandate two-person approval and automatic manager notifications . 

Organizations should implement automated telemetry to log every reset with immutable audit trails and alert on suspicious patterns like multiple resets from the same external number . Contract language with vendors must require technical controls, auditability, and regular social-engineering simulations to measure and improve verification processes .
Read more »
Technology
Artifcial Intelligence Cognizant GenAI IT Sector LLMs Technology

IT and Consulting Firms Leverage Generative AI for Employee Development


Generative AI (GenAI) has emerged as a driving focus area in the learning and development (L&D) strategies of IT and consulting firms. Companies are increasingly investing in comprehensive training programs to equip their employees with essential GenAI skills, spanning from basic concepts to advanced technical know-how.

Training courses in GenAI cover a wide range of topics. Introductory courses, which can be completed in just a few hours, address the fundamentals, ethics, and social implications of GenAI. For those seeking deeper knowledge, advanced modules are available that focus on development using GenAI and large language models (LLMs), requiring over 100 hours to complete.

These courses are designed to cater to various job roles and functions within the organisations. For example, KPMG India aims to have its entire workforce trained in GenAI by the end of the fiscal year, with 50% already trained. Their programs are tailored to different levels of employees, from teaching leaders about return on investment and business envisioning to training coders in prompt engineering and LLM operations.

EY India has implemented a structured approach, offering distinct sets of courses for non-technologists, software professionals, project managers, and executives. Presently, 80% of their employees are trained in GenAI. Similarly, PwC India focuses on providing industry-specific masterclasses for leaders to enhance their client interactions, alongside offering brief nano courses for those interested in the basics of GenAI.

Wipro organises its courses into three levels based on employee seniority, with plans to develop industry-specific courses for domain experts. Cognizant has created shorter courses for leaders, sales, and HR teams to ensure a broad understanding of GenAI. Infosys also has a program for its senior leaders, with 400 of them currently enrolled.

Ray Wang, principal analyst and founder at Constellation Research, highlighted the extensive range of programs developed by tech firms, including training on Python and chatbot interactions. Cognizant has partnerships with Udemy, Microsoft, Google Cloud, and AWS, while TCS collaborates with NVIDIA, IBM, and GitHub.

Cognizant boasts 160,000 GenAI-trained employees, and TCS offers a free GenAI course on Oracle Cloud Infrastructure until the end of July to encourage participation. According to TCS's annual report, over half of its workforce, amounting to 300,000 employees, have been trained in generative AI, with a goal of training all staff by 2025.

The investment in GenAI training by IT and consulting firms pivots towards the importance of staying ahead in the rapidly evolving technological landscape. By equipping their employees with essential AI skills, these companies aim to enhance their capabilities, drive innovation, and maintain a competitive edge in the market. As the demand for AI expertise grows, these training programs will play a crucial role in shaping the future of the industry.


 

Read more »
Maze Ransomware
Cognizant malware Maze Ransomware

Maze Ransomware: What you need to know and How to protect from being hit by Maze!


Cognizant Technology Solutions Corp., an IT giant with 3000 employees was recently hit by a strain of sophisticated Windows Ransomware called Maze, encrypting its systems and threatening to make its data public if they don’t pay the supposed ransom.


This particular malware is proving to be quite lethal and is making headlines every week with their new victim. It has spread quite a disarray and chaos not only in the IT sector but even in other companies and firms which deal with sensitive user data. Maze, also known as “ChaCha Ransomware”, was first discovered in May 2019 and started attacking firms by encrypting files and blackmailing them by exposing their data to the public. It attacked Andrew Agencies in October then the city of Pensacola, US Insurance Company Chubb, the leading cable manufacturer Southwire Company (America), Medical Diagnostic Laboratories (MDLabs), Manitoba Law Firm (Canada) and now Cognizant.

How is it more Different and Lethal than other Ransomware? 

There have been other malware that encrypt files and demand ransom but what makes Maze more dangerous is that it encrypts the system and steal the data and export it to hackers or threaten to release it on their own website (yes, they have a website where they publish their new victim and their data) if the ransom is not paid thus it’s not just a malware attack but a fusion of ransomware attack and data breach.

So, the previous tactics like keeping backups and restoring backups and running again fail for Maze as they have your data and can use it maliciously.

How does it infect? 

This ransomware has been seen to use various ways to infect computers like emails, attachments, links, exploiting passwords, and even exploit kits like Fallout and Spelevo. After infiltrating the system it uses two different ciphers (RSA+ChaCha20) to encrypt files. When the file is successfully encrypted it adds more random extensions with 6-7 charts (For Example-“.rC0syGH”, “.DL1fZE”).

How to protect from Maze Ransomware?

Though Backups don’t do much with Maze, you should still deploy secure offsite backups, running up-to-date security measures and solutions and employee training in installing strong passwords and identifying unsecure and spam email attachments and files.

Most corporate use AppData to run the program and most malware like Maze, MedusaLocker, Sage exploit this and run files from here (AppData). Instead, if we install software from program files only administrators can install/copy files and since malware won’t have the license and permission, they won’t be able to run.

Even Chrome is installed into user AppData folder and when a user logs via AD into a computer, chrome gets installed in user AppData folder. Similarly, Microsoft Teams installs clients in AppData Local, instead, they should be installed from program files as then it would require admin Or user permissions and otherwise both chrome and Microsoft makes the system susceptible to malware.

Using software like “Ransomware Defender”, where AppData, User Profiles, and this kind of folders are blocked and blacklisted and provides for strong protection against ransomware like Maze.

Windows users can install ‘Ransomware Defender’ - Download from here:
https://www.cysecurity.co/ransom-defender-for-windows/
Read more »
Subscribe to: Posts (Atom)