Enterprise cybersecurity is a myth and as we continue to see attacks compromising businesses’ security infrastructure to the core and damaging their trust and reputation left, right and center, we firmly believe that there’s so much that these companies take for granted in the pretext of providing IT services to their clients.
Cognizant suffers a Maze ransomware attack
One such IT services giant Cognizant has suffered a Maze ransomware attack on its network. The company has acknowledged the incident and put out a statement on its website:
Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.”
“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.
The company says it has engaged with law enforcement authorities to address the incident.
Ransomware is a type of malware attack that threatens to publish the victim’s data or perpetually lock them out of it unless a ransom is paid.
New Jersy-headquartered Cognizant was founded in 1994. Over the years, Cognizant has emerged as one of the IT services giants around the world.
Cognizant has several multinational clients around the world who pay for the company’s IT services, including digital, technology, consulting, and operations services. It also handles Facebook’s content moderation business.
Cognizant posted $16.8 billion in revenue last year. The company has more than 290,000 employees around the world, most of whom are from India.
How does this affect Cognizant clients?
Maze ransomware attack first came to light in May last year and towards the end of 2019, it became more aggressive with its campaigns by revealing the names of the companies that failed to comply with their ransom demands.
“We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature,” Cognizant further added.
Maze operators extract and encrypt data from companies and hold them for ransom. What makes Maze different from traditional ransomware is the ability to infect and encrypt every computer in its path and exfiltrating the victim’s data to the attacker’s servers.
Last year, the Federal Bureau of Investigation hard warned businesses that Maze related ransomware attacks are on the rise.
Meanwhile, Maze attackers have reportedly denied responsibility for the attack.
Recently, we learned that the lateral movement technique to control RDP servers is on the rise since the COVID-19 outbreak.