Original Story: USAToday.com
The cyberattacks on JPMorgan Chase and at least four other institutions were "very sophisticated" and were likely state-sponsored, the chairman of the House Intelligence Committee said Thursday.
The nation's largest bank said earlier in the day that it was working with the FBI and other authorities to determine the scope of a hacking attack that hit financial institutions. It said it is not seeing unusual fraud activity.
The other firms involved have not been identified.
Rep. Mike Rogers, R-Mich., the Intelligence Committee chairman who has been briefed on the attacks, described the intrusions on "multiple" financial institutions as "very sophisticated."
The level of sophistication "takes a very special skill set," he said, and indicates that "clearly, either they were aided by or conducted by a state sponsor."
However, a federal law enforcement official, not authorized to comment publicly, told USA TODAY that at least four banks were hacked recently in a series of coordinated attacks that law enforcement officials believe were carried out by Russian hackers. It's unknown whether the Russian government played a role.
"This is a very real and dangerous threat and it's only going to get worse," Rogers said. "We've been admiring the advanced sophistication of these actions long enough. Now, it's time to do something about it."
The Financial Times reported on its website Thursday that it interviewed people familiar with the matter who say the attacks were focused on commercial banks. Wall Street investment banks including Goldman Sachs, which have been the targets of previous attempts to steal data or disrupt services, were unaffected, the FT's story said.
However, some sensitive data was lost in the attack, Bloomberg.com said, citing unnamed security experts.
Sophisticated cyberattacks against financial institutions have become "an everyday occurrence" and are just another part of the cost of doing business today, said Alexander Southwell, a former computer crime prosecutor who is now co-chair of the information technology group at Gibson Dunn & Crutcher, a Los Angeles-based law firm.
As a result, most banks are well-prepared. "The work of cybersecurity is often like 'Whac-A-Mole,' with new threats regularly emerging, followed by efforts to stop those threats, which then leads to threats emerging in different ways," Southwell said. "This attack may simply be another round in that 'game.' "
JPMorgan suggests that customers contact the bank if they detect any suspicious activity on their accounts. All of the bank's cards have full liability protection for consumers against fraud. "As we learn more, we will contact anyone we determine may have been impacted by this," bank spokesman Michael Fusco said.
It remains unknown whether the digital intruders were financially motivated or part of an espionage campaign.
JPMorgan Chase CEO Jamie Dimon said in the firm's 2013 annual report to shareholders that it has bolstered its cyberdefenses. This year, JPMorgan Chase will spend more than $250 million and devote about 1,000 people to cybersecurity, he said. The company is also building three regional state-of-the-art cybersecurity operations centers.
"We're making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe," Dimon said. "It is going to be a continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won."
Proofpoint, a Sunnyvale, Calif.-based data security firm, reported multiple examples of a credential phishing campaign in which authentic-looking e-mails encouraged users to click a link to see a secure message from JPMorgan.
When they did, they were asked to enter their credentials. The Web page was hosted on a server in Moscow and installed a so-called Trojan program onto their computer, allowing the attackers to compromise the user's computer.
Proofpoint identified several other active campaigns that appeared to be run by the same attackers, each of which attempted to install the same Trojan software.
Sunday, September 7, 2014
Wednesday, May 30, 2012
Flame Malware A Real Scare
Story first appeared in The Wall Street Journal.
The complexity, size and geographic location of the computers affected by Flame, the malware that came to light Monday, point to state-sponsored cyber-espionage, and Flame has been seen mainly as a geopolitical event. But the Flame code, which extracts data from networked computers and sends it to remote servers controlled by hackers, should also be seen by CIOs as a potential commercial threat and should cause them to reassess their security solutions – both on-premise and in the cloud.
Flame represents a next generation of malware because, while it combines many known ways of attacking systems and transmitting data back to remote servers, it is unique in how it has combined all of those malicious characteristics. Although many cyber-security experts have said most companies that create intellectual property – including a wide assortment of activities from pharmaceutical research to financial services and oil drilling – have already had their systems hacked, it may not be too late for CIOs to protect critical data. But, say experts, they will have to carefully assess their own networks, as well as their relationships with software vendors and cloud service providers with whom they do business.
Help Desk Services and analysts say that Flame should serve as a reminder to CIOs of how vulnerable they are, and give them a greater sense of urgency. Indeed, the CIO of Land O’ Lakes says he learned about Flame on the radio on his way into the office Tuesday, and his thoughts turned immediately to his cloud vendors. Like many CIOs, he has software running both on-premise and in the cloud, and says Flame is equally threatening to cloud and on-premise applications, but he wonders more about the risk mitigation strategies employed by his cloud partners. The question is, who will respond more quickly — cloud providers or his own internal data centers?
That’s a good question – cloud vendors generally do not accept liability for their clients’ data in the cloud.
The terms of service for Amazon’s AWS web services stipulate that the cloud vendor doesn’t accept liability for lost or altered data, and that customers are responsible for “taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.”
A Microsoft spokesperson said the company does accept liability for customer data on its Azure cloud platform, unless the customers themselves configured software improperly or otherwise created the conditions for a data breach. Rackspace and Google did not reply to requests for comment at the time of this writing.
Maintaining network security is hard enough on company-owned networks, but if you throw it over the wall to the cloud vendor and you don’t have visibility and control, it becomes impossible. Cloud vendors should provide customers with security tools, even if the customers themselves are responsible for configuring them.
The senior vice president and CIO of Hostess Brands Corporation seemed to have these challenges in mind when he said he believes companies are limiting much of the data that they move to the cloud to less-critical information, because they are concerned about security. Until CIOs can get a comfort level that is tenable and sustained, the movement to the cloud will be selective.
Closer to home, however, CIOs still have work to do. A security and privacy expert with the IEEE, a professional IT organization, says even a next generation of malware such as Flame can only get a toehold in an organization’s network by taking advantage of bad software. He blames vendors for building software that leaves customers susceptible to a malware attack, but says customers have to ask their vendors if the stuff you’re buying from them is secure or not, because a lot of people don’t even ask.
He says responsible vendors will respond honestly to that question.
CIOs need to ensure that software written by their own developers has security built into it, and can do this by following guidelines established in the BSIMM [Building Security In Maturity Model] standard. Beyond that, he said good security practice includes using tools to analyze existing software architecture, review code, and regularly hiring third parties to test the network for vulnerabilities by trying to penetrate it. McGraw says he’s “optimistic we’re actually making progress” in making safe software more ubiquitous. But, he said, the only way we can get in front of [issues like Flame] is building systems to be secure in the first place.
A Gartner analyst says Flame highlights the fact that we have to take a multi-pronged approach to malware. No single approach will be a silver bullet. New technologies that analyze the behavior of applications on networks can identify malware before it executes its code. Older anti-virus applications depend on being able to recognize the code used by malware, whereas newer generations of technology can see whether a particular type of application, like a PDF file, is trying to execute code – which it shouldn’t normally do.
An independent cybersecurity analyst says CIOs should create an inventory of all a company’s data and classify it according to its value, much like the government does with state secrets. They should then take the equivalent of “top secret” data off the Internet. CIOs should also segregate data that is important but not critical, and monitor which persons and applications have access to it.
The reason this isn’t common practice is that many CIOs think about security in terms of legal requirements rather than common-sense approaches. Security is often a matter of compliance. Knowing where your critical data is isn’t an obligation, so it’s not done.