Which SSL Reviews

HTTPS

Hackers Target 13 More Financial Institutions Following JP Morgan Chase

October 16, 2014 | By Editor 

Summary

The scheme used in the breach of JPMorgan Chase that impacted 75 million accounts may have also severely affected 13 other financial institutions.

Hackers Target

Thirteen More Financial Institutions Impacted

  • Evidences have surfaced linking the same hackers who infiltrated JP Morgan Chase a few months back to probes at HSBC, Citigroup, E*Trade Financial, Fidelity, and ADP, among others.
  • The extent of the damage remains unclear but researchers have noted that there are evidences that can help cyber analysts to improve model hacker behavior.
  • The extent of the attack suggested that the hackers were keen in testing the defense system of a wide range of financial institutions, ranging from large global banks to online brokerage firms.

Crime and defense in the Internet are all about coordination

As the recent attacks across multiple financial firms show, hackers find one weapon, quickly re-use it, look for target after target, pry on anyone who has left that particular defensive gap.

This forces defenders to coordinate and share information between other competitors, since any flaw in the company can be discovered and exploited in minutes.

These data breaches exhibit similarities to those experienced by Home Depot and Target.

Hackers gain access to privileged admin accounts and then continue on as authorized users,  bypassing traditional defense systems and gain free access to sensitive information

Advanced, targeted attacks like these take time and require more resources to pull it off.

To gain a big payoff, hackers need to conduct extensive research to find defensive gaps in a network security.

This includes identifying individuals in the firm who can be compromised with a customized social engineering technique that results in the employee unwittingly giving up details.

Therefore, the IT department has to be quick in responding to demands of the ever-changing business landscape, and maintain tight network security in a complex IT infrastructure. This could avoid customers from confronting a catch-22 situation.

Segmenting a network happens to be the holy grail of the IT industry to counter most of these advanced attacks.  Network segmentation still remains a dream without an automated system.

Most of these attacks against a single target face many methods of possible entry. It all depends on the hackers.

In the case where companies having found traces of the hackers, it could spiral down to a many victim type of attack, with the aim of gaining access into a secure environment.

Without the knowledge behind the motivation of the hackers or the technical details of how a attack was done, one can only guess at the link between the hacker’s targets and the final goal.

This is probably why Google insisted that all businesses convert from HTTP to HTTPS. An intuition may be.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in HTTPS

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory