It was only earlier this week news surfaced that JPMorgan customers were being targeted in a broad e-mail phishing campaign. The campaign attempted (to an unknown degree of success) to collect credentials for that bank and also infect PCs with a virus for stealing passwords from other institutions.
The FBI and Secret Service are now studying the ‘scope’ and severity of these cyberattacks. Bloomberg reported Wednesday that JPMorgan Chase and at least four other financial institutions had been breached by Russian hackers. The Times reported that “gigabytes” of information have been reported stolen. Information includes customer personal info and account information at the very least. Other compromised data can include postal addresses, email, and credentials for a variety of websites on infected PCs.
As of now, the attack is believed to have stemmed from an employee’s personal computer, which was infected with malware that provided a VPN tunnel into the bank’s networks.
JPMorgan spokeswoman Trish Wexler has not confirmed the attacks yet, stating that “companies of our size unfortunately experience cyberattacks nearly every day.”
Several US Banks have already been hit with online cyberattacks this year, including Wells Fargo, Bank of America, Citigroup, HSBC, and JPMorgan. These attacks, however, were believed to have originated from Iran and were not looking to steal customer data, instead distributing denial-of-service attacks that forced the banks’ websites to shut down temporarily.
Wells Fargo, Bank of America, and Citigroup could not be immediately reached for comment.
At least one of the attacks was executed via a zero-day vulnerability in one of the bank’s websites. Zero-day flaws are holes in website security that do not currently have a patch.
In order to protect all devices across your network, EdgeWave has developed and provides military grade, multi-layered security in conjunction with human analysts who intercept malware before it reaches its target. Read EdgeWave’s Data Sheet or visit our webpage for more information on how to protect your organization against outside threats.