Seems like every week there is a cyber attack in the headlines. This week it is the compromise of 83 million customer records from JP Morgan Chase sometime this year. The attack methods are not as of yet released, but this incident checks many of the boxes that are all too common these days. First, it was going on for an extended period of time undetected, second the fact that there was a leak was not made public until absolutely necessary (a regulatory finding), and finally the motives of the attack were financial. There were reports of this potentially being politically motivated, but based on what I have learned throughout this course, this is probably not the case. A vast majority of cyber attacks are financially motivated, and the political angle serves to make a story where there probably isn't one.
So what does one do with 83 million customer records? Usually, they sell it on the black market. These records did not contain account information such as usernames or passwords. They did contain customer names, addresses, phone numbers and email addresses. The exact kind of information for spamming or phishing purposes. This is not as valuable as passwords and usernames, but it can be valuable to hackers because it fills in a piece of the puzzle. They don't know what your account information is, but they know two important pieces of information:
1. They know who you are and how to contact you via e-mail, phone, or postal.
2. They know that you have an account with JP Morgan Chase.
This makes anyone with an account with this bank a prime candidate for a phishing attack. You can change your passwords immediately, but most likely the attack is yet to occur. What these people must do is educate themselves and their family on phishing protection and be extra vigilant towards anything they receive from the bank, because the attack is most definitely coming. With that many records compromised the hackers who end up with the information can cast a very wide net. I found This Reuters link interesting. It goes into some of the ways this information is broken up and sold based on location with wealthy demographics going for more money on the market.
No comments:
Post a Comment