News

Lessons Learned From JPMorgan Chase Breach

One of the most troubling lessons from the JPMorgan Chase data breach is that organized cybercrime gangs today are quite good at avoiding the patterns detectable by most security software.

“Most of the many millions of dollars spent on cybersecurity are focused on opportunistic attacks — hackers that enter through a security flaw and use common malware to steal information. The security software that prevents against these kinds of attacks is predictive and attempts to know what attacks will look like if hackers infiltrate the system so it can neutralize the problem quickly,” reported Venturebeat. The story quoted Eyal Firstenberg, VP of cyber research at cybersecurity firm LightCyber, that today’s cyberthieves deliberately avoid such predictability.

“It is just now that that we are witnessing the emergence of companies and technologies that do not presume to predict a specific attack vector, but it is still not widespread,” Firstenberg said, according to the story.

The cyberthief gang that attacked Chase—accessing data through a security hole in a Chase consumer-facing site—did extensive research and they were equipped with custom malware specifically targeted at Chase. The thieves who “attacked Chase and potentially other banks are called targeted attackers. They set their sights on a target, then spend resources heavily researching the target’s systems and security protocols before designing specific malware. ‘For targeted attackers, they learn the specific technologies deployed in the target and just use different maneuvers or tools and neutralize them,'” the story Firstenberg as saying.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment

TRENDING RIGHT NOW