Hackers appear to have stolen data from JPMorgan Chase and at least one other U.S. bank in retaliation for economic sanctions against Russia.
The raid on the banks’ computer systems resulted in the theft of gigabytes of sensitive data, Bloomberg reported Wednesday evening.
JPMorgan did not confirm the incident.
“Companies of our size unfortunately experience cyberattacks nearly every day,” JP Morgan Chase spokesperson Michael F. Fusco told the E-Commerce Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”
However, the FBI is conducting an investigation into reports of cyberattacks on U.S. banks.
“We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions,” FBI Supervisory Special Agent Joshua Campbell told the E-Commerce Times.
The sophistication and “technical indicators” of the attacks on the banks suggest a government link to the intrusions, but investigators have not ruled out criminal gangs in Russia or Eastern Europe as perpetrators, Bloomberg reported, citing unnamed sources.
The relationship between the government and organized cybercriminal gangs in Russia can be a muddy one.
The reason organized crime is tolerated in Russia, and to some degree protected, is that it’s sometimes akin to “patriotic acts,” explained Scott Borg, CEO and chief economist for the The United States Cyber Consequences Unit. They align what they’re doing with Russia’s political interests.
“While they’re doing that, they also like to make a profit,” Borg told the E-Commerce Times. “In this case, political events have shaped the target and the type of attack, but this is organized crime making a profit.”
The Russian government has, along with organized crime, a large cybermilitia that it can call on to do its bidding.
“They will carry out attacks that are in line with Russian policy,” Borg said. “It’s extremely unlikely that these attacks were carried out directly by Russian government or Russian military. It’s just not their style.”
Thieves Play Market
The kind of data that was stolen from the banks hasn’t been reported, although JPMorgan Chase did say that it has detected no unusual patterns of fraud since its data was expropriated.
“It’s quite likely that what the attackers were after was not information that they’d use for bogus credit card charges or thefts from customer accounts, but information to be used to anticipate movement in markets,” Borg said.
“We’ve seen an increasing number of cyberattacks over the last three years that were directed at stealing information that could be used to make a profit in the financial markets,” he added.
About the same time that JPMorgan’s systems were violated, a global phishing campaign was being directed against half a million of the bank’s customers. The campaign, discovered by Proofpoint, was designed to steal credentials from the bank’s customers and infect their computers with malware. However, the intrusion and phishing campaign don’t seem to be connected.
“We have seen no indication that the two events are linked,” Kevin Epstein, vice president for advanced security and governance atProofpoint, told the E-Commerce Times.
“That said, clearly the campaign we saw leveraged the JPMC brand in a negative way,” he continued, “and since phishing is a leading attack vector against corporations, it would not be unreasonable for an attacker who wanted to damage the brand to engage in multiple tactics against the institution and its customer base.”
Zero Day Flaw
Attackers see financial institutions and organizations as an opportunity not only to steal money, but also as a way to take down iconic American businesses, noted Tom Kellermann, chief cybersecurity officer at Trend Micro.
Geopolitical events “are now harbingers of cyberattacks. Economic sanctions can and will be met by cybersanctions, a new type of retaliation in today’s digital world,” he told the E-Commerce Times.
“These attacks are the result of an escalating cybercrime wave that began in late July and clearly demonstrates the high level of skill which organizations and enterprises are up against,” Kellermann said.
JPMorgan’s systems were compromised by exploiting a zero day vulnerability — that is, a never-seen-before flaw — in one of the bank’s websites, according to Bloomberg.
The use of a zero day flaw in the attack illustrates its importance to the intruders, noted Trey Ford, a global security strategist at Rapid 7.
“Zero day vulnerabilities are very valuable, but they lose their value very quickly after you use them,” he told the E-Commerce Times.
An employee’s computer reportedly was leveraged in the attack.
“Organizations like JPMorgan are going to be under constant assault from different angles,” Ford said. “They’ve got a lot of sophisticated processes to watch their computers, but all it takes is one or two users to click on a wrong link and you’re going to be in a world of hurt real quickly.”