PCM Finds No Sign Of Client Impact In Campaign Tied To Wipro Hack

PCM said it hasn’t found any forensic evidence indicating the company’s network systems were breached by the phishing campaign that compromised Wipro and other IT service providers.

PCM's clients can breathe easy after learning they were not negatively impacted by the advanced phishing campaign that compromised dozens of Wipro employees.

The El Segundo, Calif.-based company, No. 25 on the 2018 CRN Solution Provider 500, said it doesn't have any evidence demonstrating that its customers have been impacted by any incident originating from a compromise of the company's systems. The company said it has been working with its experienced security teams to investigate the threat.

PCM additionally said that it hasn’t found any forensic evidence indicating that the company’s network systems were breached by the reported phishing attack. PCM last week refused to comment on the KrebsOnSecurity report that it had also been targeted by the cybercrime group that successfully breached Wipro, but provided additional statements on the matter Wednesday.

[Related: Wipro Hackers Also Went After Seven Other Solution Provider Giants: Report]

The $2.16 billion company employs more than 4,000 people, and reported that in 2018, Microsoft accounted for 15 percent of its sales, while HP Inc. accounted for 10 percent.

KrebsOnSecurity first reported last week that the threat actors responsible for launching an advanced phishing campaign against Wipro also went after Avanade, Capgemini, Cognizant, Infosys, PCM, Rackspace, and Slalom Consulting. The campaign appears to be perpetuated by a cybercrime group looking to carry out gift card fraud, according to KrebsOnSecurity.

Like PCM, four of the other named IT service providers indicated that any efforts to target their customers appear to be unsuccessful.

Rackspace said it doesn't have any evidence indicating that there has been an impact to the company's environment, according to a company spokesperson. Infosys stated that it hasn't observed any breach of its network based on its monitoring and a thorough analysis of the indicators of compromise that the IT outsourcing behemoth received from its threat intelligence partners.

Cognizant said a review following media reports of the Wipro breach hasn't found that any client data has been compromised. And Slalom said it was able to detect and prevent phishing attack activity between March 4 and March 19.

Conversely, Avanade and Capgemini both indicated that they were impacted by the Wipro campaign. Avanade said that 34 of its employees were impacted in February, though there wasn't any impact to the company's client portfolio or sensitive customer data.

Capgemini, meanwhile, said its internal Security Operations Center (SOC) detected suspicious activity on a "very limited number" of laptops and servers between March 4 and March 19 which showed similar patterns to the attack faced by Wipro. Neither Capgemini nor any of its clients experiencing any impact to date thanks to immediate remedial action taking place, according to the company.

The Rackspace and Infosys statements neither confirmed nor denied that the solution providers were a target of the threat campaign that compromised Wipro, Avanade, and Capgemini.

Cognizant, meanwhile, said it isn't unusual for a large company like theirs to be a target of a spear phishing attempts such as this. And Slalom said the timeframe of the phishing attack activity against the IT consulting powerhouse overlaps with KrebsOnSecurity reports on when dozen of Wipro employees and more than 100 of the IT outsourcing giant's computer systems were compromised.

PCM said in its annual report filed with the U.S. Securities and Exchange Commission (SEC) that as newer and more sophisticated technologies evolve, the company could be exposed to increased risks from security breaches stemming from human error, negligence or management or from illegal or fraudulent acts such as cyberattacks.

"The occurrence of any of these security breaches, or the claim that our company has suffered such a security breach, whether accurate or not, could result in adverse publicity, loss of customer confidence, increased costs, reduced sales and profits, criminal penalties, and civil liabilities," PCM wrote in March 2019 10-K filing with the SEC.