JP Morgan Chase and at least one more bank have been compromised by a zero-day exploit, leading to the loss of gigabytes of sensitive data. The incident is still under investigation, but the attack reportedly came from a Russian hacking group in retaliation for sanctions imposed on the country due to the ongoing conflict in Ukraine.
The FBI is further investigating whether this group may also be behind a compromise of major European banks that targeted the same vulnerability.
The group was able to gain initial access by exploiting a vulnerability in the company's websites. Once the attackers broke into the network, they were able to stage additional attacks inside the data center and gain access to systems holding account data.
Many of the tools used in the attack appear to have been custom-made specifically for JPMorgan's environment, indicating prior knowledge of the architecture of the network and its internal systems. The attack took advantage of several zero-day exploits at multiple points on the network, leading many to believe this goes beyond the more traditional criminal-group attacks seen to date.
The data was exfiltrated to a server in Brazil, which then routed it to a city in Russia. If the attack is linked to Russia as retaliation for sanctions, it opens up a new frontier in cyberwar. Traditionally, cyberwar activities were conducted in secret, consisting of probing and identifying weaknesses in, and targeting, government networks and related contractors.
When state actors target private industry directly, the risks for both sides are heightened, increasing the chances of escalation, with businesses and the economy taking a potential hit.
The group that targeted JPMorgan Chase was highly sophisticated and spent a great deal of time planning and executing its attack over the course of several months. It is difficult to determine whether the group was state sponsored or a criminal group acting alone. In Russia and Eastern Europe, the line between criminal groups and government is not so cut and dried, and many of the criminal syndicates are just as well resourced when it comes to finances, tools and skill sets.
Investigating these crimes when they trace back to Russia has been problematic for law enforcement because of the lack of assistance from the Russian government, allowing many of these criminal syndicates to operate with impunity.
If state actors are targeting the financial services sector, the question remains what else they may target or already have access to. The use of advanced zero-day exploits that many organizations cannot defend against raises the stakes substantially and will require better communication between government, private industry and other organizations to help defend critical infrastructure.