JP Morgan Chase Hack Attack – The Analysis
Normally, when we analyze any hack attack or hack attempt, the first question which pops into our mind, is how was it carried out? However, many of the organizations are not forthcoming into specifying the exact method as to how their IT security was breached and how their costly security appliances were caught napping.
The same is true in this case also, nothing much has been divulged. All we know that along with JP Morgan Chase, at least four others were breached. It is possible to understand that one bank was breached but more than four? This count itself is enough to summarize that there is some other entity involved, a common entity which has access to all these banks. In the past too, we have seen the involvement of a third party which has led to the downfall, and we are pretty much sure that in this case too, the scenario should not be much different.
Most of the big organizations may have the best of the security appliances and an ensemble of security experts working at their behest. However, when it comes to extending their security cover to the very entities to whom these organizations have outsourced much of their sensitive data-related tasks, there seems to be a gray area. It is this very gray area which hackers have been attacking with quite a huge success rate.
Is it the lack of finances or plain simple ignorance? In order to save a few millions of dollars and a few HR related headaches, organizations prefer to outsource numerous tasks, which in reality is a huge business. On the other hand, when we look at the cons, one data breach will simply wipe out the entire organization or will at the least wipe out the profits accrued through outsourcing.
There have been numerous instances when the third party itself exhibited a lackadaisical attitude when it comes to incorporating security, security advisories or an apt attitude towards following of security norms.
Outsourcing provides great opportunities. However, all the concerned parties have to understand the fact that security is as strong as the weakest link.
Whenever a third party has been attacked, it has always been due to spear phishing, malware/Trojan or a web-based vulnerability. However, from the perspective of IDS/IPS, when we take a closer look into the method of attack, all the perceived form of attacks are supposed to trigger an alarm unless and until either they have been shutdown or a Zero-day has been used.
It is highly unlikely that a Zero-day has been used in this attack due to the sheer fact that more than one bank was breached and the possibility of all banking networks having the same vulnerability is next to zero.
Secondly, a lot of questions arise when we realize that Gigabytes of data was siphoned off. Security alerting systems of the present day are highly advanced so as to detect any anomalous bandwidth usage and it is surprising to note that the attack was detected after huge chunks of data was transferred. Few questions which come into our minds are;
1. Did the alerting systems issue an alert which was later on dismissed as a false positive?
2. Did the attackers stay well under the radar, which would again raise more questions about the timeline?
Did the hackers know about the internal security, so as to remain undetected for such a long period of time which not only allowed them to transfer data but also able to gain foot hold into the internal network?
It comes as a surprise to know that organizations to the likes of JP Morgan Chase, which in all probability has millions of dollars’ worth of Cyber Security annual budget, getting hit by a breach.
The common notion as theorized by Patricia Wexler, spokesperson of JP Morgan Chase that “Companies of our size unfortunately experience cyber-attacks nearly every day” is quite true, however security is in knowing that even the smallest whimper is to be given appropriate attention. Say for example, we are working in a noisy environment. After a few minutes of staying in that noise, we become immune to that noise. In this scenario the noise is related to the alerts, had the administrators become immune to these daily chitter chatter of alerts from the constant attacks or they were specifically chided by their peers to report only in case of any eventuality as was the case with the boy who cried wolf?
Last, but not the least, a few months back, during December 2013; it was revealed that JP Morgan was hit by a data breach in which they had warned almost half a million pre-paid cash card customers that their personal information may be at risk. Two incidents in a space of six months is huge failure of the security mechanism.
We simply hope that JP Morgan Chase and the investigating agencies reveal to us the exact version of what has happened and how it happened, as this is the only way towards implementing better security practices. Whether they may or may not be followed is a different question altogether.
-- Inputs by Mr. Govind Rammurthy, MD & CEO, eScan
eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats. eScan provides 24x7 free remote support facility, integrated in the software to help customers to get their malware related issues resolved in the fastest possible time-frame. It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being Virus Bulletin, AV-Comparatives, ICSA, and PCSL labs. Combining the power of various technologies, eScan provides Multi-level Real-time Protection to Computers and Networks.
For more information, visit www.escanav.com.
MicroWorld Technologies Inc
31700 W 13 Mile Rd, Ste 98
Farmington Hills, MI 48334
Tel: +1 248 855 2020
+1 248 855 2021
Fax:+1 248 855 2024
This release was published on openPR.
Permanent link to this press release:
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release JP Morgan Chase Hack Attack – The Analysis here
News-ID: 294946 • Views: 4014
More Releases from MicroWorld Technologies Inc.
MicroWorld to launch Nemasis at the 39th Gitex Technology week
Leading cyber security giant, Microworld have announced the unveiling of their new cyber security solution, Nemasis (VAPT) at the 39th edition of Gitex Technology week, which is to be held at the World Trade Center in Dubai from the 6th to the 10th of October 2019. MicroWorld along with its seniority team can be located at the SR F1 booth at the Sheik Rashid Hall. Nemasis is a vulnerability management
eScan delights its channel partners with a trip to Pattaya
eScan, one of the leading anti-virus solution developers had launched an offer to reward its channel partners with 2 nights and 3 days trip to Pattaya. The offer was launched exclusively for Southern region and about 70 partners from the region had been to the destination. The 2 Nights/3 Days luxury outing to Pattaya was packed with tranquil sightseeing that included a visit to Coral Island that offers plenty of water
eScan products receive 100% clean certificate from Softpedia
eScan’s Internet Security Suite (ISS) for Windows and eScan’s Anti-Virus (AV) have received the coveted 100% clean certificate from Softpedia among its peers. The tests were conducted on both products in the Softpedia labs in April 2018. The results showed that eScan’s ISS for Windows and eScan’s AV do not contain any form of malware, including but not limited to: spyware, viruses, trojans and backdoors. These products were tested thoroughly
eScan’s ISS for Windows achieves VB 100 Test Certificate
eScan has successfully cleared Virus Bulletin’s VB100’s comparative review test for its eScan Internet Security Suite (ISS) for Windows. The test, in February 2018, was conducted on Windows 7 and 10 Professional. eScan Internet Security Suite proved its capability of providing advanced protection against malware listed by WildList Organization with the RAP score of 92.1% and Zero False Positives. Virus Bulletin is a world-renowned independent testing and certification body, in
More Releases for Morgan
Morgan Stanley Wealth Management Market 2018 Morgan Stanley Morgan Stanley Smith …
"Super League In-Depth Analysis: Morgan Stanley Wealth Management", report is a comprehensive analysis of Morgan Stanley’s wealth management operations. It offers insight into the company’s strategy and financial performance, including key data on assets under management (AUM). Customer targeting and service proposition are also covered, along with product innovation and marketing activities. Key Leading Companies Mentioned: Morgan Stanley Morgan Stanley Smith Barney LifeYield Zelle Graystone Consulting Get Sample Copy Of This Report at http://www.orbisresearch.com/contacts/request-sample/2289828 Morgan Stanley is a global financial institution,
Discover J.P. Morgan Private Bank’s Financial Performance and Growth Strategy
Pune, India, 06th November 2017: WiseGuyReports announced addition of new report, titled “Super League In-Depth Analysis: J.P. Morgan Private Bank 2017 - Tracking the world’s major competitors in wealth management” JP Morgan Chase & Company is an American-based financial services company. J.P. Morgan and Chase. J.P. Morgan Private Bank both of them are controlled by JP Morgan Chase & Company. The names have spread across the globe in such way that
Graphite Brush Market Size 2017-2022 Mersen, Morgan, Schunk, AVO
Graphite Brush Market Size 2017-2022 Recently published a detailed market study on the "Graphite Brush Market" across the global, regional and country level. The report on the global Graphite Brush market uses the top-down and bottom-up approaches to define, analyze, and describe the Graphite Brush market trends for the next five years And Graphite Brush market Size and Share. The Graphite Brush market report further provides production, capacity, Graphite Brush
Magnetism | Meg Frazier + Morgan Winter
Chicago, IL - April 15, 2016, 5p - 8p- Magnetism | Meg Frazier + Morgan Winter. The Jeffrey Breslow Gallery celebrates a unique collaborative exhibition of work by Meg Frazier and Morgan Winter. The show, titled Magnetism, represents the unseen yet tactile energy that exists when two distinct styles approach artistic compositions as one. Meg Frazier, known for her bold brush strokes trickled throughout her abstract style, and Morgan Winter,
Morgan Law Group Announces Membership in WealthCounsel®
Newport Beach, CA., September 1, 2011 – Darlynn Morgan today announced that Morgan Law Group an estate planning law firm in Newport Beach is a member of WealthCounsel, a nationwide organization of more than 2,200 estate planning attorneys. Ms. Morgan, as a member of WealthCounsel, believes in a comprehensive, client-centered approach to estate planning founded on the principles of legal competence, professional collaboration and a commitment to excellence. “Estate planning
Big Investment in Brazil from JP Morgan
Foreign investment in Brazil continues full steam ahead. The latest addition to the investor list is J.P. Morgan who has just bought Gávea, one of Brazil’s largest hedge funds. This acquisition is one of many this year as the world’s banks and funds turn their attention from the jaded traditional markets to the bright lights of emerging markets. Brazil with its stable democracy, steady economy and huge potential is one