Cognizant Technology Solutions on Saturday said it was hit by a “Maze” ransomware cyber attack, resulting in service disruptions for some of its clients.
The information technology services provider said it was taking steps to contain the incident, with the help of cyber defense companies, and has also engaged with law enforcement authorities.
Ransomware is a type of malicious program used by hackers to take control of files in an infected system and then demand hefty payments to recover them.
According to cybersecurity firm McAfee, hackers who deploy Maze threaten to release information on the internet if the targeted companies fail to pay.
“We are in ongoing communication with our clients and have provided them with indicators of compromise and other technical information of a defensive nature,” Cognizant added.
The Maze operators denied responsibility for the cyber attack, according to security website BleepingComputer. However, the report added that Maze is likely not discussing it to avoid complications at this early stage.
Insurer Chubb in March was hit by a computer security incident that may have involved unauthorized access to data held by an outside service provider. A group that deploys the Maze ransomware claimed to have locked up devices on Chubb’s network during March, according to BleepingComputer.
More attacks
Hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.
Corporate security teams have a harder time protecting data when it is dispersed on home computers with widely varying setups and on company machines connecting remotely, experts said.
Software and security company VMware Carbon Black said this week that ransomware attacks it monitored jumped 148 percent in March from the previous month, as governments worldwide curbed movement to slow the spread of the novel coronavirus, which has killed more than 130,000, Reuters reported.
“There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring,” said VMware cybersecurity strategist Tom Kellermann.
Tonya Ugoretz, a senior cyber official with the FBI, told an online audience on Thursday that incoming reports about hacking had multiplied three- or four-fold during the outbreak. Rob Lefferts, a cybersecurity executive with Microsoft, said his company was seeing an upswing in the volume of digital breaches in the same places the disease was spreading the most quickly.
“The volume of successful attacks is correlated with the volume of virus impact,” he said, adding that many malicious actors seemed to be piggybacking on confusion and anxiety to trick users into parting with their credentials.
Changes to corporate networks being scrambled by work-from-home policies may also be making life easier for attackers.
Using data from U.S.-based Team Cymru, which has sensors with access to millions of networks, researchers at Finland’s Arctic Security found that the number of networks experiencing malicious activity was more than double in March in the United States and many European countries compared with January, soon after the virus was first reported in China.
The jump in volume came as computers responded to scans when they should not have. Such scans often look for vulnerable software that would enable deeper attacks.
The U.S. Department of Homeland Security’s (DHS) cybersecurity agency agreed this week that VPNs bring with them a host of new problems.
“As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” wrote DHS’ Cybersecurity and Infrastructure Security Agency.
The agency said it is harder to keep VPNs updated with security fixes because they are used at all hours, instead of on a schedule that allows for routine installations during daily boot-ups or shutdowns.
Even vigilant home users may have problems with VPNs. The DHS agency on Thursday said some hackers who broke into VPNs provided by San Jose-based Pulse Secure before patches were available a year ago had used other programs to maintain that access.
The image is for representative purpose only.