Threat Watch

Cognizant Confirms Data Breach

In a series of data breach notifications, the IT services giant Cognizant stated that unencrypted data was likely stolen during an April ransomware attack. Cognizant is one of the world’s largest IT managed services companies, with nearly 300,000 employees and over $15 billion in revenue. As a Managed Service Provider (MSP), the company remotely manages many of its clients’ IT systems to fix issues, install patches, and monitor their security. On April 17th, the company began notifying its clients to warn them that it was under attack by the Maze ransomware so they could disconnect from Cognizant’s services and protect themselves from the attack. In two data breach notifications, Cognizant stated the ransomware operators “likely exfiltrated a limited amount of data from Cognizant’s systems.” Cognizant stated that personal information such as SSNs, tax IDs, financial information, driver’s licenses, and passports may have been stolen.

Ransomware operators continue to target large organizations and MSPs that provide services for many clients. By compromising the systems of an MSP, threat actors can extend their reach to attack the MSP’s clients as well. It is critically important for MSPs to detect and respond to attacks very quickly so that clients and sensitive data are not put at risk. A good defense-in-depth strategy should include email threat filtering and continuous monitoring of network traffic and of events on workstations and servers using Endpoint Detection and Response (EDR) systems. MSPs can also provide security monitoring for their clients’ systems directly or through a partnership with a Managed Security Service Provider (MSSP).

For those affected, Cognizant is providing a year of ID theft and dark web monitoring for free. Victims are advised to use this free offer to prevent attackers from using the stolen information to open credit card accounts or bank accounts, or to commit other identity theft. The stolen information can also be used in phishing attacks, so victims should be vigilant for anything that looks suspicious in their email. Linked below is information from the US Federal Trade Commission (FTC) on how to recognize and avoid phishing scams.

Source article: https://www.bleepingcomputer.com/news/security/it-giant-cognizant-confirms-data-breach-after-ransomware-attack/

FTC recommendations: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

ANALYST NOTES