Jump to content

usa jpmorgan chase cyber security exfiltrate data composite malware security community

  • Please log in to reply
No replies to this topic

#1 Hum


    totally wAcKed

  • 63,716 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 30 August 2014 - 11:31

A respected cyber security expert tells FOX Business the hackers who targeted JPMorgan Chase’s computer systems were trying to send a poignant message: Even the most secure systems can be infiltrated.

Information security professionals see large financial firms as the gold standard. Since they have so much to lose if they’re hit with an attack, banks often invest millions to hire top-tier talent and build the best protection. And generally speaking, they have been very successful in thwarting a wide range of attacks, including frequent distributed denial-of-service attacks that bring their consumer-facing websites to a crawl.

That’s why news that five banks – including JPMorgan, which spends nearly a quarter billion a year on cyber security – came as such a shock to experts in the cyber security space.

“This is not a normal malware attack,” said Larry Ponemon, founder of The Ponemon Institute, a respected computer security think tank that is often tapped by the government and private firms, “it’s pretty scary.”

Ponemon said the computer programs – known as malware – were “very sophisticated,” exploiting methods that could even rival the Stuxnet worm that reportedly roiled Iran’s nuclear centrifuges. It’s likely, he said, that the software was actually “composite malware,” meaning multiple programs joined together to access banks’ systems and exfiltrate data, all while avoiding detection.

The U.S. security community is still working to reverse-engineer the malware. Ponemon said that means banks might not know yet whether they were, or are still being, hit. At the same time, it also speaks to the complexity of the attack.