Cybersecurity in US Banks

In recent news, several US banks have been the target of cyberattacks, with JP Morgan Chase named as one of the banks that were hacked. Several other banks have yet to be named but will certainly be revealed in the weeks to come. The scope of the information stolen is yet to be determined, as forensic efforts are still in progress and an FBI and Secret Service investigation is ongoing.

As reported by USA Today, the initial reports indicate that the attacks are “not officially the work of the Russian state, they are being done with its blessing”. These attacks are part of a larger attack related to nationalist cybercrime campaigns against financial institutions, which include German and Swiss banks as well as the European Central Bank.

CNET News has also reported on these attacks, detailing how they were carried out and what information the attackers were after. Typically, hackers go after usernames and passwords so they can log in to victims’ accounts and transfer money or sell the information on the black market. These attacks were different. Reports are that the attackers were after not only usernames and passwords but also bank records. According to CNET, the attackers modified and deleted some of the banks’ records, yet the motive for these actions is unknown.

It appears the hackers were able to gain access to JP Morgan Chase’s systems by sending phishing emails to employees of the bank. The phishing emails contained what appeared to be an encrypted email message from a legitimate source.

The hackers were able to spoof the template of Chase’s encrypted email system and use it against the company. The fake email contained a link to custom-written malicious software that was undetectable by typical virus detection software. This type of phishing is a common way for hackers to attempt to gain access to internal systems, and in this instance it was successful.

Cyberattacks are a constant threat to banks and other financial institutions, and the attacks are ever evolving and becoming more sophisticated as new technologies are developed. To avoid becoming a victim of these types of attacks, it is imperative to train and educate your employees and to test them when possible. Training and education are the best ways to help thwart such attacks, but it is also necessary to continuously keep up with the latest threats and incorporate them into training. Best practice for emails: if you’re not expecting a link or attachment from someone, call them and ask to make sure they sent it.