A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger.
.
The document summarizes the WannaCry/WannaCrypt ransomware attack that affected over 200,000 victims globally in May 2017. It briefly describes how the ransomware works by encrypting files and demanding ransom payments in bitcoin. It also provides details on how systems get infected, the impacts on victims including encrypted files and ransom messages, and recommendations on how to protect systems by patching vulnerabilities and using backups.
Malware Dectection Using Machine learningShubham Dubey
Malware detection is an important factor in the security of the computer systems. However, currently utilized signature-based methods cannot provide accurate detection of zero-day attacks and polymorphic viruses. That is why the need for machine learning-based detection arises.
The document provides information about Michael C. Redmond, a Lead Strategic Consultant specializing in cybersecurity, information security, business continuity, and risk management. It lists their education, certifications, and contact information. It also discusses the importance of having an efficient cybersecurity incident response program to maintain operations, mitigate losses, and respond quickly to security incidents. The document emphasizes the role of a CSIRT (Computer Security Incident Response Team) in responding to increasing security breaches and data fraud.
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
Real world lessons from CrowdStrike Services experts investigating complex cyber extortion attacks
The criminal act of theft is as old as civilization itself, but in the cyber realm new ways to steal your organization's data or profit by holding it hostage, continue to evolve. With each advancement in security technology, adversaries work tirelessly on new techniques to bypass your defenses. This webcast, "Cyber Extortion: Digital Shakedowns and How to Stop Them" examines the evolution of cyber extortion techniques, including the latest "datanapping" exploits. Whether it's an attack on a major movie studio, a massive healthcare system, or a global entertainment platform, recent extortion attempts demonstrate how critical it is to understand today's threat landscape so you can ensure that your organization mounts the best defense possible.
Download this presentation to learn what security experts from the cyber defense frontlines are discussing. Learn about:
•The range of extortion techniques being used today, including commonalities and differences in approaches
•Commodity type ransomware/datanapping vs. hands-on attacks — how are they alike and what are their differences?
•Potential outcomes of paying vs. not paying when attempting to recover data after an attack
•Real world examples of successful attacks and those that were thwarted or mitigated
•Strategies for keeping your organization from being targeted and what to do if you become the victim of a cyber shakedown
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
In this report, we breakdown the Target attack to 11 detailed steps, beginning with the initial credential theft of Target’s HVAC contractor to the theft of PII and credit cards. Particular attention is given to those steps, unknown until now, such as how the attackers were able to propagate within the network. Throughout this report we highlight pertinent insights into the Tactics, Techniques and Procedures (TTPs4) of the attackers. Finally, we provide recommendations on the needed security measures for mitigating similar advanced targeted attacks.
I wrote this paper on 2014 as the VP of Research for Aorato
This document discusses the scope and definitions of cyber security. It outlines typical cyber attacks like phishing, malware, and denial of service attacks. Recent significant cyber incidents are mentioned from 2019 targeting governments, companies, and individuals. The consequences of cyber attacks are job hindrances, data loss, and disciplinary actions. Finally, the document lists the top eight cyber safety actions to protect passwords, prevent identity theft, beware of phishing, avoid malware, run antivirus software, install updates, back up files, and turn on firewalls.
Ransomware is malware that locks devices or encrypts files to extort money in return for access. It is a growing threat for businesses. The document provides 11 steps to prevent ransomware infections, including regularly backing up important data, keeping software updated, training employees, and using security software with features like LiveGrid cloud protection. It also advises what to do if devices are already infected, recommending against paying ransoms.
The document summarizes the WannaCry/WannaCrypt ransomware attack that affected over 200,000 victims globally in May 2017. It briefly describes how the ransomware works by encrypting files and demanding ransom payments in bitcoin. It also provides details on how systems get infected, the impacts on victims including encrypted files and ransom messages, and recommendations on how to protect systems by patching vulnerabilities and using backups.
Malware Dectection Using Machine learningShubham Dubey
Malware detection is an important factor in the security of the computer systems. However, currently utilized signature-based methods cannot provide accurate detection of zero-day attacks and polymorphic viruses. That is why the need for machine learning-based detection arises.
The document provides information about Michael C. Redmond, a Lead Strategic Consultant specializing in cybersecurity, information security, business continuity, and risk management. It lists their education, certifications, and contact information. It also discusses the importance of having an efficient cybersecurity incident response program to maintain operations, mitigate losses, and respond quickly to security incidents. The document emphasizes the role of a CSIRT (Computer Security Incident Response Team) in responding to increasing security breaches and data fraud.
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
Real world lessons from CrowdStrike Services experts investigating complex cyber extortion attacks
The criminal act of theft is as old as civilization itself, but in the cyber realm new ways to steal your organization's data or profit by holding it hostage, continue to evolve. With each advancement in security technology, adversaries work tirelessly on new techniques to bypass your defenses. This webcast, "Cyber Extortion: Digital Shakedowns and How to Stop Them" examines the evolution of cyber extortion techniques, including the latest "datanapping" exploits. Whether it's an attack on a major movie studio, a massive healthcare system, or a global entertainment platform, recent extortion attempts demonstrate how critical it is to understand today's threat landscape so you can ensure that your organization mounts the best defense possible.
Download this presentation to learn what security experts from the cyber defense frontlines are discussing. Learn about:
•The range of extortion techniques being used today, including commonalities and differences in approaches
•Commodity type ransomware/datanapping vs. hands-on attacks — how are they alike and what are their differences?
•Potential outcomes of paying vs. not paying when attempting to recover data after an attack
•Real world examples of successful attacks and those that were thwarted or mitigated
•Strategies for keeping your organization from being targeted and what to do if you become the victim of a cyber shakedown
I presented this slides in the "Privacy Protection" subject, teached by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
In this report, we breakdown the Target attack to 11 detailed steps, beginning with the initial credential theft of Target’s HVAC contractor to the theft of PII and credit cards. Particular attention is given to those steps, unknown until now, such as how the attackers were able to propagate within the network. Throughout this report we highlight pertinent insights into the Tactics, Techniques and Procedures (TTPs4) of the attackers. Finally, we provide recommendations on the needed security measures for mitigating similar advanced targeted attacks.
I wrote this paper on 2014 as the VP of Research for Aorato
This document discusses the scope and definitions of cyber security. It outlines typical cyber attacks like phishing, malware, and denial of service attacks. Recent significant cyber incidents are mentioned from 2019 targeting governments, companies, and individuals. The consequences of cyber attacks are job hindrances, data loss, and disciplinary actions. Finally, the document lists the top eight cyber safety actions to protect passwords, prevent identity theft, beware of phishing, avoid malware, run antivirus software, install updates, back up files, and turn on firewalls.
Ransomware is malware that locks devices or encrypts files to extort money in return for access. It is a growing threat for businesses. The document provides 11 steps to prevent ransomware infections, including regularly backing up important data, keeping software updated, training employees, and using security software with features like LiveGrid cloud protection. It also advises what to do if devices are already infected, recommending against paying ransoms.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Cyber crime & security final tapanTapan Khilar
This document discusses various types of cybercrimes and the relevant laws in India. It defines cybercrimes as crimes that involve computers and the internet. The key points covered are:
- Types of cybercrimes include hacking, phishing, computer viruses, cyber pornography, denial of service attacks, and software piracy.
- The Indian IT Act 2000 is the main law governing cybercrimes and has sections dealing with hacking, data alteration, unauthorized access, and publishing obscene material.
- Other relevant laws include the IPC for offenses like fraud, forgery and criminal breach of trust.
- Investigating cybercrimes involves computer forensics to preserve digital evidence that can be accepted in
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
This document discusses machine learning and analytics applications in cybersecurity. It provides an overview of machine learning concepts and terms. It then discusses McAfee's analytic ecosystem and how machine learning, deep learning, and AI are applied across McAfee products. The document outlines risks in analytic development like bias, adversarial machine learning, and lack of explainability. It emphasizes the importance of an analytic development protocol that includes validation, verification, and risk assessment. The goal is to develop analytics in a responsible way and mitigate hype around new techniques.
The document provides a vision for cyber security in 2021, including emerging technologies, threats, and practices. It predicts that technologies like mobile computing, quantum computing, cloud computing, predictive semantics, and dynamic networks will impact cyber security. Threats will become more sophisticated through cyber warfare, crime, and activism. Cyber security practice will evolve to be more multi-dimensional and holistic through practices like cyber architecture and lifecycle management. A new lexicon for cyber security terms is also envisioned.
Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid. It has evolved since its origins in the late 1980s. There are two main types: locker ransomware that denies access to the computer, and crypto ransomware that encrypts files until ransom is paid. Notable ransomware variants include Reveton from 2012, CryptoLocker from 2013, and TorrentLocker and KeRanger from 2014 and 2016 respectively. Ransomware works by encrypting files using public key cryptography. People can help prevent infection by keeping software updated, using antivirus software, backing up files, and avoiding suspicious email attachments or links. Malwarebytes is an effective tool for
Cybercrime involves using computers to commit illegal activities and can take many forms. The document discusses the history and categories of cybercrime, including hacking, denial of service attacks, and software piracy. It also covers cyber security advantages like defending against hacks and viruses, and safety tips such as using antivirus software and firewalls. Pakistan has cyber laws and an agency to control cybercrime. In conclusion, cybercrime will likely continue evolving, so cyber security is needed to help protect users.
The document summarizes the top 5 security risks in banking:
1. Insider threats from employees or third parties with access pose the main risk, responsible for 82% of breaches. A notable example is the 2015 Morgan Stanley data theft.
2. Poor cybersecurity investments, with most banks focusing on products rather than comprehensive defense strategies, leave them vulnerable to unknown threats.
3. Legacy technology systems, which 92% of banks say will hamper combating financial crime. Attackers have benefited from banks' outdated systems.
4. Malware, frauds, and data breaches have increased significantly. 40% of financial transactions now occur on mobile devices, increasing fraud risks.
5. Un
This document is a seminar report submitted by students Krina and Kiran in partial fulfillment of requirements for a Bachelor of Engineering degree. It discusses ethical hacking, including an introduction defining key terms like threats, exploits, vulnerabilities, and targets of evaluation. It describes the job role of an ethical hacker and different types of hackers like white hats, black hats, and grey hats. The report is presented to satisfy degree requirements and obtain certification from their institute and guides.
This document discusses cyber attacks on the SWIFT global financial messaging network. It begins by providing background on SWIFT and explaining that cyber attacks on the network are a growing concern. It then describes different types of SWIFT attacks, including unauthorized fund transfers, data theft, malware infections, and others. Notable past attacks are discussed, such as the 2016 Bangladesh Bank heist where $81 million was stolen. The document stresses that coordinated prevention and response strategies are needed across borders to safeguard systems from these sophisticated cyber threats.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
The document discusses cyber security. It introduces cyber security and the need for it to protect internet-connected systems, hardware, software and data from cyber attacks. It describes common cyber security threats like ransomware, malware, social engineering and phishing. It also discusses cyber security vendors, advantages of cyber security in defending against hacks and viruses, disadvantages like slowing systems down, and career opportunities in the field. The conclusion states that the only truly secure system is one that is turned off.
The document discusses a seminar on the 2014 cyber attack on Yahoo Mail. It provides details on the attack such as it targeting third-party databases to obtain usernames and passwords. It affected a "handful" of Yahoo servers but there was no evidence user data was compromised. The attackers seemed to seek names and email addresses from recent sent emails. Yahoo reset passwords on affected accounts and implemented measures to block further attacks. The document also covers techniques commonly used in cyber attacks like socially engineered trojans, unpatched software, and phishing. It details the specific phishing method used against Yahoo Mail and steps users should take if their Yahoo account is hacked.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines denial of service (DoS) attacks and how DDoS attacks differ in employing multiple compromised computers to coordinate a widespread attack. It then provides examples of targets that can be affected and overviews how DDoS attacks work by flooding the victim with traffic from many sources. The document goes on to discuss specific DDoS attack types, defenses against attacks, and how attacks are practically handled through router filtering, black hole routing, and traffic diversion techniques.
This chapter discusses various types of computer crimes such as hacking, online scams, fraud, embezzlement, sabotage, identity theft, and forgery. It explores the challenges of preventing, detecting, and prosecuting computer crimes while also protecting privacy and civil liberties. Key topics covered include the history and phases of hacking, different types of online scams and fraud, methods used to commit embezzlement and sabotage, causes and defenses related to identity theft and forgery, and the tensions between crime fighting techniques and preserving privacy.
Hacking involves stealing data and interrupting networks, while cyber security protects online data and software from unauthorized access. Common hacking techniques include phishing, tabnapping, man-in-the-middle attacks, and exploiting unpatched software vulnerabilities. Cyber security aims to defend against these threats and establish safe internet usage, but hackers often target user negligence around updating software. Experts recommend vigilance in maintaining cyber security protections.
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
Cyber Security & Data Protection India Summit 2018 aims to convene the best minds in Cybersecurity under one roof to create an interactive milieu for exchange of knowledge and ideas. The event will endeavour to address the emerging and continuing threats to Cybersecurity and its changing landscape, as well as respond to increasing risk of security breaches and security governance, application security, cloud based security, Network, Mobile and endpoint security and other cyber risks in the India and abroad.
J.P. Morgan Chase & Co. is an American multinational banking corporation founded in 2000 with $2.2 trillion in assets and 250,000 employees operating in 150 countries. The company aims to strengthen communities through expanding access to capital, leadership, and leveraging resources. Jamie Dimon serves as Chairman and CEO, overseeing diversity recruiting efforts led by Mark Settles. The company hosts "Lunch and Learns" with top executives and has various employee networking groups to attract, retain, and develop a diverse talent pool. J.P. Morgan Chase strives to link management rewards to diversity progress and build a diverse pipeline through universities and industry groups.
J.P. Morgan has over 200 years of history as a financial institution. It has grown through mergers and acquisitions, including forming from the merger of Chase Manhattan Corporation and J.P. Morgan & Co. in 2000. J.P. Morgan played an important role during financial crises like the 2008 crisis, and has historically shown leadership. It is now the largest bank in the U.S. by assets, providing a wide range of financial services globally.
This presentation lets you understand about the biggest cyber-attack extortion in the history of the internet. It contains all details of what, how and whys of WannaCry Ransomware.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Cyber crime & security final tapanTapan Khilar
This document discusses various types of cybercrimes and the relevant laws in India. It defines cybercrimes as crimes that involve computers and the internet. The key points covered are:
- Types of cybercrimes include hacking, phishing, computer viruses, cyber pornography, denial of service attacks, and software piracy.
- The Indian IT Act 2000 is the main law governing cybercrimes and has sections dealing with hacking, data alteration, unauthorized access, and publishing obscene material.
- Other relevant laws include the IPC for offenses like fraud, forgery and criminal breach of trust.
- Investigating cybercrimes involves computer forensics to preserve digital evidence that can be accepted in
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
This document discusses machine learning and analytics applications in cybersecurity. It provides an overview of machine learning concepts and terms. It then discusses McAfee's analytic ecosystem and how machine learning, deep learning, and AI are applied across McAfee products. The document outlines risks in analytic development like bias, adversarial machine learning, and lack of explainability. It emphasizes the importance of an analytic development protocol that includes validation, verification, and risk assessment. The goal is to develop analytics in a responsible way and mitigate hype around new techniques.
The document provides a vision for cyber security in 2021, including emerging technologies, threats, and practices. It predicts that technologies like mobile computing, quantum computing, cloud computing, predictive semantics, and dynamic networks will impact cyber security. Threats will become more sophisticated through cyber warfare, crime, and activism. Cyber security practice will evolve to be more multi-dimensional and holistic through practices like cyber architecture and lifecycle management. A new lexicon for cyber security terms is also envisioned.
Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid. It has evolved since its origins in the late 1980s. There are two main types: locker ransomware that denies access to the computer, and crypto ransomware that encrypts files until ransom is paid. Notable ransomware variants include Reveton from 2012, CryptoLocker from 2013, and TorrentLocker and KeRanger from 2014 and 2016 respectively. Ransomware works by encrypting files using public key cryptography. People can help prevent infection by keeping software updated, using antivirus software, backing up files, and avoiding suspicious email attachments or links. Malwarebytes is an effective tool for
Cybercrime involves using computers to commit illegal activities and can take many forms. The document discusses the history and categories of cybercrime, including hacking, denial of service attacks, and software piracy. It also covers cyber security advantages like defending against hacks and viruses, and safety tips such as using antivirus software and firewalls. Pakistan has cyber laws and an agency to control cybercrime. In conclusion, cybercrime will likely continue evolving, so cyber security is needed to help protect users.
The document summarizes the top 5 security risks in banking:
1. Insider threats from employees or third parties with access pose the main risk, responsible for 82% of breaches. A notable example is the 2015 Morgan Stanley data theft.
2. Poor cybersecurity investments, with most banks focusing on products rather than comprehensive defense strategies, leave them vulnerable to unknown threats.
3. Legacy technology systems, which 92% of banks say will hamper combating financial crime. Attackers have benefited from banks' outdated systems.
4. Malware, frauds, and data breaches have increased significantly. 40% of financial transactions now occur on mobile devices, increasing fraud risks.
5. Un
This document is a seminar report submitted by students Krina and Kiran in partial fulfillment of requirements for a Bachelor of Engineering degree. It discusses ethical hacking, including an introduction defining key terms like threats, exploits, vulnerabilities, and targets of evaluation. It describes the job role of an ethical hacker and different types of hackers like white hats, black hats, and grey hats. The report is presented to satisfy degree requirements and obtain certification from their institute and guides.
This document discusses cyber attacks on the SWIFT global financial messaging network. It begins by providing background on SWIFT and explaining that cyber attacks on the network are a growing concern. It then describes different types of SWIFT attacks, including unauthorized fund transfers, data theft, malware infections, and others. Notable past attacks are discussed, such as the 2016 Bangladesh Bank heist where $81 million was stolen. The document stresses that coordinated prevention and response strategies are needed across borders to safeguard systems from these sophisticated cyber threats.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
The document discusses cyber security. It introduces cyber security and the need for it to protect internet-connected systems, hardware, software and data from cyber attacks. It describes common cyber security threats like ransomware, malware, social engineering and phishing. It also discusses cyber security vendors, advantages of cyber security in defending against hacks and viruses, disadvantages like slowing systems down, and career opportunities in the field. The conclusion states that the only truly secure system is one that is turned off.
The document discusses a seminar on the 2014 cyber attack on Yahoo Mail. It provides details on the attack such as it targeting third-party databases to obtain usernames and passwords. It affected a "handful" of Yahoo servers but there was no evidence user data was compromised. The attackers seemed to seek names and email addresses from recent sent emails. Yahoo reset passwords on affected accounts and implemented measures to block further attacks. The document also covers techniques commonly used in cyber attacks like socially engineered trojans, unpatched software, and phishing. It details the specific phishing method used against Yahoo Mail and steps users should take if their Yahoo account is hacked.
This document discusses cybersecurity risks and challenges for banks. It notes that banks hold sensitive financial and customer data, making them attractive targets for sophisticated cyber attacks seeking monetary rewards. The document outlines key cybersecurity issues banks face such as regulatory compliance pressures, consumerization trends, emerging attack types like APTs, and the sophistication of threats. It provides examples of past attacks on banks and discusses security challenges from e-banking, mobile banking, outsourcing, and PSD2 regulations. The document advocates for strategies like threat intelligence, compliance with standards like PCI DSS and ISO 27001, and information security maturity to help banks mitigate cybersecurity risks.
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines denial of service (DoS) attacks and how DDoS attacks differ in employing multiple compromised computers to coordinate a widespread attack. It then provides examples of targets that can be affected and overviews how DDoS attacks work by flooding the victim with traffic from many sources. The document goes on to discuss specific DDoS attack types, defenses against attacks, and how attacks are practically handled through router filtering, black hole routing, and traffic diversion techniques.
This chapter discusses various types of computer crimes such as hacking, online scams, fraud, embezzlement, sabotage, identity theft, and forgery. It explores the challenges of preventing, detecting, and prosecuting computer crimes while also protecting privacy and civil liberties. Key topics covered include the history and phases of hacking, different types of online scams and fraud, methods used to commit embezzlement and sabotage, causes and defenses related to identity theft and forgery, and the tensions between crime fighting techniques and preserving privacy.
Hacking involves stealing data and interrupting networks, while cyber security protects online data and software from unauthorized access. Common hacking techniques include phishing, tabnapping, man-in-the-middle attacks, and exploiting unpatched software vulnerabilities. Cyber security aims to defend against these threats and establish safe internet usage, but hackers often target user negligence around updating software. Experts recommend vigilance in maintaining cyber security protections.
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
Cyber Security & Data Protection India Summit 2018 aims to convene the best minds in Cybersecurity under one roof to create an interactive milieu for exchange of knowledge and ideas. The event will endeavour to address the emerging and continuing threats to Cybersecurity and its changing landscape, as well as respond to increasing risk of security breaches and security governance, application security, cloud based security, Network, Mobile and endpoint security and other cyber risks in the India and abroad.
J.P. Morgan Chase & Co. is an American multinational banking corporation founded in 2000 with $2.2 trillion in assets and 250,000 employees operating in 150 countries. The company aims to strengthen communities through expanding access to capital, leadership, and leveraging resources. Jamie Dimon serves as Chairman and CEO, overseeing diversity recruiting efforts led by Mark Settles. The company hosts "Lunch and Learns" with top executives and has various employee networking groups to attract, retain, and develop a diverse talent pool. J.P. Morgan Chase strives to link management rewards to diversity progress and build a diverse pipeline through universities and industry groups.
J.P. Morgan has over 200 years of history as a financial institution. It has grown through mergers and acquisitions, including forming from the merger of Chase Manhattan Corporation and J.P. Morgan & Co. in 2000. J.P. Morgan played an important role during financial crises like the 2008 crisis, and has historically shown leadership. It is now the largest bank in the U.S. by assets, providing a wide range of financial services globally.
JP Morgan & Chase: IT Strategy and Key Success factorsAbhiJeet Singh
JPMorgan Chase is a large U.S. banking and financial services company formed in 2000 through the merger of JPMorgan & Co. and Chase Manhattan Bank. The document discusses JPMorgan Chase's key strengths including its large capital base, strong domestic presence, and mature brand. It analyzes the company's SWOT and describes several important IT applications developed in-house like Athena, CBB, and ERTRS that support its business operations. JPMorgan Chase invests heavily in IT, developing customized solutions and pursuing automation to gain cost advantages and efficiencies.
JPMorgan Chase acquired Bear Stearns in 2010. The document lists three notable properties - the former Bear Stearns headquarters at 383 Madison Avenue in New York City, the JPMorgan Chase Tower at 270 Park Avenue in New York City, and the Chase Tower in the Chicago Loop in Chicago. It appears to be presenting information about properties related to the 2010 acquisition of Bear Stearns by JPMorgan Chase.
This document provides a risk assessment report on the 2014 data breach at JPMorgan Chase based on the ISO 31000 framework. It summarizes the breach which compromised 83 million customer records, identifies stakeholders, assesses risks, and provides strategic recommendations. The key risks identified are operational, strategic, financial and legal. Recommendations focus on improved controls, authentication measures, and cooperation between the bank and external partners to prevent future breaches.
The document discusses a case study of a leading global financial firm's use of technology. It has a large turnover and employee base across asset management, commercial banking, investment banking, private banking, and securities/treasury services. The firm implemented the Eclipse open-source platform called OneBench to standardize application development and enable rapid deployment. This provided benefits like reusability, scalability, reduced development times, and cost savings. Potential issues discussed include adapting to changes in the competitive financial services landscape and ensuring the technology initiatives can scale with business needs.
J.P. Morgan has a 200+ year history as a leading financial institution. It provides services across investment banking, sales and trading, asset management, and corporate banking. After mergers over the decades, it is now one of the largest banks in the U.S. by assets. The document outlines J.P. Morgan's business lines and history of acquisitions and milestones.
JP Morgan Chase developed the OneBench platform using the open source Eclipse framework to improve efficiency in application development. OneBench allows developers to build applications in hours rather than weeks. This has lowered costs and freed resources to focus on new projects. By adopting an open source approach, JP Morgan Chase has established a reusable and customizable platform that supports enhanced security, interoperability, and scalability. Some risks remain in long-term support costs and potential job losses from improved efficiency. On balance, the use of Eclipse and creation of OneBench has helped JP Morgan Chase achieve its goals.
A risk assessment determines risks and dangers in workplaces by analyzing potential hazards, finding safe solutions to avoid injury or property damage, and determining if an activity can be done safely. Risk assessments are needed to assess any dangers people could face in a lab and reduce risks of harm. A risk assessment should identify possible lab dangers, guidelines for protecting people, and follow five steps: identifying hazards, deciding who could be harmed, evaluating risks and precautions, recording findings, and reviewing the assessment yearly.
This document discusses three theories - stockholder theory, stakeholder theory, and social contract theory - and how they relate to a recent security breach at JP Morgan. Under stockholder theory, JP Morgan responded properly by announcing the problem while taking proactive steps to solve it. For stakeholder theory, it is difficult to say if JP Morgan invested enough in security given the massive number of daily threats. Finally, regarding social contract theory, JP Morgan avoided breach by promptly announcing the hack to the public, and the physical environment was not affected.
Insider Trading and the 08 Economic CrisisTerry Coulon
The document discusses illegal insider trading, its impact on the 2008 financial crisis, and whether the laws around it need amendment. It defines legal and illegal insider trading, noting that in 2008 illegal insider trading cases increased 25% from 2007 and the SEC brought 671 enforcement actions. The securities law has vague provisions around "manipulative and deceptive devices" and defines illegal insider trading. The document argues the law should be amended to close loopholes, increase penalties for offenders like loss of bonuses and stock, and longer prison times.
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Rajesh Prabhakar
JP Morgan Chase, United States biggest bank has been actively using Twitter majorly for customer service as the bank's customer-service team responded to complaints, queries and also offered solutions to the problems and redressed the customer grievances.
This document discusses a thesis written by Sofya Frantslikh about mergers and acquisitions, with a case study on JP Morgan Chase. It provides an overview of mergers and acquisitions, defining different types such as horizontal, vertical, and conglomerate mergers. It also discusses regulations to prevent anti-competitive mergers and the factors driving the increase in mergers globally, such as technology, financing, and regulations. The case study then analyzes the merger between JP Morgan Chase and Bank One in detail.
JPMorgan Chase & Co. is the largest bank in the US and 2nd largest financial institution globally. It was formed in 2000 through the merger of Chase Manhattan Corporation and J.P. Morgan & Co. The company has over $2 trillion in assets, 258,965 employees in over 50 countries, and provides financial services as well as credit, investment banking, asset management, and private banking services to corporations, governments, institutions, and individuals worldwide.
EVERFI Webinar: The latest supreme court rulings on insider tradingMichele Collu
The Supreme Court upheld a grocer's conviction for insider trading based on tips from his brother-in-law. The Court held that a personal benefit, including gifts, to the tipper is sufficient for convicting tippees, even without financial gain by the tipper. This clarified that tipping valuable insider information to close family or friends breaches fiduciary duty and makes both tipper and tippee liable if the tippee trades on it. The ruling has significant legal and compliance consequences, as it expands tipper-tippee liability and requires compliance programs to effectively address nuanced insider trading scenarios involving gifts or other personal benefits.
We introduced a Change Management plan designed to increase cross-communications between departments and make more effective decisions, for the Risk Management division at JP Morgan Chase.
Recorded webinar on October 9, 2013.
Social media has become critical for associations to keep current members engaged and to reach new potential members.
While many associations are using social media as a communications outlet, very few have connected their online efforts to truly impact revenue for the organization.
Curt Moss, Senior Product Marketing Manager at WebLink International, will share how your organization can create social media strategies to help exceed your membership goals.
In this webinar you'll learn how to:
- Set goals for how using social media will benefit your organization.
- Create a plan for when and where to post.
- Take action on posts by your members.
- Measure your results.
- Evaluate your success and analyze the data.
Note: This webinar will contain all new content and have very little overlap with our LinkedIn webinar.
Example security risk assessment tool july 2010WarrenGreen
This document contains a security threat and risk assessment of various external and internal risks. It evaluates the likelihood and potential consequences of threats such as theft, fraud, hacking, sabotage, and data breaches. It rates the risks on a scale from low to extreme. For high risk threats, it recommends actions such as specifying management responsibilities, utilizing additional physical and human resources, and gaining senior management attention. The assessment tool is meant to help manage security risks and refers to several risk management standards.
The document discusses the history and evolution of ransomware attacks from 1989 to the present. It provides details on notable ransomware attacks like WannaCry in 2017 and NotPetya in 2017. WannaCry spread to over 150 countries and encrypted data on hundreds of thousands of computers, demanding ransom payments in bitcoin. It exploited a Windows vulnerability. NotPetya similarly spread rapidly through Ukraine and globally, affecting a major shipping company and causing over $10 billion in damages by encrypting and wiping data. The document outlines the modus operandi and impacts of these attacks as well as measures to prevent future ransomware infections like patching systems, isolating infected devices, and implementing security best practices.
The document discusses emerging threats to digital payments and outlines steps businesses can take to protect themselves. It notes that cyber attacks are a major security risk and new payment methods are fueling more attacks. The problems section details how criminals exploit new technologies, learning resources, and expanded access points. It asks questions around detecting and responding to attacks. The solutions section recommends training, vulnerability scanning, network segmentation, access control, monitoring, and intelligence sharing to help close security gaps against sophisticated attackers.
This document discusses ransomware attacks, including their history, impact, and mitigation strategies. It provides an overview of common ransomware types and how they work. Statistics are presented on organizations and countries most affected by ransomware. The COVID-19 pandemic is noted to have increased ransomware attacks by exploiting remote work vulnerabilities. Effective mitigation involves backups, antivirus software, user training, and following best practices if a ransomware attack occurs.
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
Cybersecurity has been the major area of concern throughout 2022 and now 2023 is all set to witness a new version of cyber-attacks with advanced technologies.
Cybercriminals will continue to exploit new technologies like machine learning and blockchain in 2018:
- Ransomware and digital extortion will remain lucrative criminal business models, fueled by ransomware-as-a-service and cryptocurrencies like bitcoin.
- Vulnerabilities in IoT devices will expand the attack surface as more devices connect to networks.
- Losses from business email compromise scams will exceed $9 billion globally as these scams prove effective through social engineering.
- Cyberpropaganda efforts will spread using tried-and-true spam techniques on social media to manipulate public opinion.
- Threat actors will leverage machine learning and blockchain to advance their evasion techniques and stay one
- Ransomware and digital extortion will remain highly profitable methods for cybercriminals in 2018. Ransomware-as-a-service models and cryptocurrencies like bitcoin enable widespread ransomware attacks. Cybercriminals may also extort companies by threatening to expose private data violations under new regulations like GDPR.
- Vulnerabilities in internet-of-things (IoT) devices will expand the potential attack surface as more devices connect to networks. Cybercriminals could abuse IoT devices for distributed denial-of-service attacks or to anonymize their online activities. The lack of secure update mechanisms for many IoT devices also poses risks.
- Specific device types like drones, wireless
Research a case that has been in the news in the last few years where.docxmtruman1
Research a case that has been in the news in the last few years where a major security breach occurred on a network; evaluate where it falls short and propose new solutions to mitigate future attacks.
Solution
JP MORGAN CHASE ATTACK IN 2014: It involves a cyber attack which took place in the the summer which compromised the information of about 76 million households. The information included customer names, addresses, phone numbers and email contact information. In addition, the breach affected about seven million of J.P. Morgan’s small businesses customers..The hackers were able to break into the computer system and access the information.
It falls shows due to unencryted information and no intrusion detection systems acquired by the company.
In order to mitigate these attacks:
1.Create a firewall.
2.Perform packet inspection of all the data enetering and leaving the network.
3.intrusion detection systems to detect intrusions and disconnect intruders immediately.
4.encrypting sensitive information so that unknown users cannot access them.
.
The frequency and impact of cyber attacks have escalated cybersecurity to the top of Board agendas. Institutions are no longer asking if they are vulnerable to cyber attacks. Instead, the focus has shifted to how the attack might be executed, risks and impact. Most importantly, their organisational readiness and resilience to such threats.
This document summarizes two cases where an active data breach was successfully detected using LightCyber's active breach detection solution. In the first case, a state-sponsored actor had been stealing intellectual property from a manufacturing company for 18 months before being detected. LightCyber detected anomalous network activity that revealed malware performing lateral movement. In the second case, a rogue employee at a media company had been infecting devices and stealing data for three months. LightCyber detected the employee's custom malware variant, exfiltration of data, and command and control traffic. Both cases showed that detecting active breaches requires analyzing a broad range of network and endpoint context.
The document provides 10 steps to safeguard a business from growing cyber threats. It notes that 72% of attacks target user identities and applications rather than servers and networks. The document then explores the current security landscape, why and how businesses may be vulnerable, and profiles different types of hackers including cyber criminals, state-sponsored attackers, hacktivists, and cyber terrorists. It discusses how new ways of working and an increasingly digital world have increased complexity and opportunities for cyber attacks.
1) The retail sector has been hit by a series of cyber attacks over the past few years that have compromised customer data at large companies like Target and Neiman Marcus.
2) Current cybersecurity approaches are too slow and reactive, focusing on malware after attacks occur rather than proactively detecting threats.
3) Behavioral cyber defense monitoring could have detected the abnormal behaviors of attackers on Target and Neiman Marcus' networks before data breaches occurred.
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
The uniqueness of the text:
61.5%
SHOW ALL MATCHES
Page address
Similarity
View in text
http://yandex.ru/
18.1%
Show
http://google.ru/
20.3%
Show
http://yandex.ru/
1%
Show
I NEED HELP WITH MY CONTENT EDIT THIS TEXT CHECK ANOTHER TEXT
Information Security Issues Faced by Organizations In any organization, Information Security threats may be many like Software assaults, theft of intellectual belongings, identity robbery, theft of gadget or statistics, sabotage, and facts extortion. A risk can be something which could take gain of a vulnerability to breach security and negatively adjust, erase, damage object or gadgets of interest. Software attacks imply an attack by Viruses, Worms, Trojan Horses and so forth. Many customers consider that malware, virus, worms, bots are all the same matters. But they're now not identical, the simplest similarity is that they all are malicious software program that behaves differently. Apart from these threats, there are some headache information security threats they are: Cyberattack Threats: - Cyber-attacks are, of course, establishments’ pinnacle problem. There are many methods cybercriminals can target companies. Each will motive distinct types of harm and need to be defended in opposition to in one-of-a-kind methods. Some attacks, consisting of phishing campaigns, are typically designed to thieve private information. Others, such as ransomware and denial-of-carrier assaults, have several feasible pursuits, ranging from extorting cash to disrupting business operations for political reasons. Cyber threats, unfortunately, are getting an increasing number of risks in these days clever international. But what precisely is cyber risk? A cyber threat is an act or viable act which intends to scouse borrow records (non-public or in any other case), damage records or motive a few types of digital damage. Today, the time period is nearly exclusively used to explain records safety topics. Because it’s tough to visualize how digital signals touring throughout a cord can represent an assault, we’ve taken to visualizing the virtual phenomenon as a bodily one. A cyber-attack is an assault this is hooked up in opposition to a corporation (that means our digital gadgets) making use of cyberspace. Cyberspace, a digital space that doesn’t exist, has grown to be the metaphor to assist us to understand virtual weaponry that intends to harm us. What is actual, but, is the purpose of the attacker as well as the potential impact. While many cyberattacks are mere nuisances, a few are quite serious, even potentially threatening human lives. Malware: - Software that plays a malicious project on a goal tool or community, e.g. Corrupting facts or taking on a machine. Ransomware: - An attack that involves encrypting information on the goal system and traumatic a ransom in alternate for letting the consumer has got right of entry to the facts again. These assaults range from low-level nuisances to severe incidents just like the locking do.
This document summarizes a presentation on adapting to evolving cyber attack scenarios focusing on hacking and malware threats targeting financial applications. It discusses the evolution of cyber threats over time from basic intrusions to more advanced threats from fraudsters, hacktivists and cyber criminals. It highlights statistics on recent data breach incidents and examples of malware and hacking attacks used for online and credit card fraud. It also outlines measures to mitigate such threats, including client-side security, fixing vulnerabilities in web applications, transaction validation and authentication, and threat prevention and detection techniques. The presentation concludes by discussing skills, tools and techniques needed to support enterprise security strategies as cyber threats continue changing in the future.
With cybercrime (like denial of service, malware, phishing, and SQL injection) looming large in our digitized world, penetration testing - and code and application level security testing (SAST and DAST) - are essential for organizations to identify security loopholes in applications and beyond. We provide a guide to the salient standards and techniques for full-spectrum testing to safeguard your data - and reputation.
Welcome to the Threatsploit Report of covering some of the important cybersecurity events, incidents and exploits that occurred this month such as Application Security, Mobile App Security, Network Security, Website Security, API Security, Cloud Security, Host Level Security, Cyber Intelligence, Thick Client Security, Threat Vulnerability, Database Security, IOT Security, Wireless Security.
The document discusses the Maze ransomware and why it needs to be taken seriously. Maze encrypts victims' files and demands ransom payments, but unlike previous variants, it follows through on threats to publicly release stolen data if ransoms are not paid. Maze first appeared in 2019 and has been on a rampant attack spree against vulnerable businesses. It uses exploit kits and weak passwords to spread across corporate networks, encrypting and exfiltrating data in a two-pronged data breach and ransomware attack. The document warns that if ransoms are unpaid, attackers may release details of breaches, sell stolen information, inform stock exchanges and clients of hacks.
This document discusses cyber security in the era of networking. It covers several topics including types of cyber attacks like denial of service attacks and spoofing; threats like criminals, spies, and terrorists; vulnerabilities from insiders and supply chains; risks existing everywhere networked systems are used; and approaches to cyber crisis planning, mobile security, threat intelligence, next generation firewalls, access controls, surveillance, security awareness, and conclusions. Research areas discussed include scalable trustworthy systems, malware combating, and privacy-aware security.
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Tastemy Pandit
Know what your zodiac sign says about your taste in food! Explore how the 12 zodiac signs influence your culinary preferences with insights from MyPandit. Dive into astrology and flavors!
Structural Design Process: Step-by-Step Guide for BuildingsChandresh Chudasama
The structural design process is explained: Follow our step-by-step guide to understand building design intricacies and ensure structural integrity. Learn how to build wonderful buildings with the help of our detailed information. Learn how to create structures with durability and reliability and also gain insights on ways of managing structures.
Industrial Tech SW: Category Renewal and CreationChristian Dahlen
Every industrial revolution has created a new set of categories and a new set of players.
Multiple new technologies have emerged, but Samsara and C3.ai are only two companies which have gone public so far.
Manufacturing startups constitute the largest pipeline share of unicorns and IPO candidates in the SF Bay Area, and software startups dominate in Germany.
Part 2 Deep Dive: Navigating the 2024 Slowdownjeffkluth1
Introduction
The global retail industry has weathered numerous storms, with the financial crisis of 2008 serving as a poignant reminder of the sector's resilience and adaptability. However, as we navigate the complex landscape of 2024, retailers face a unique set of challenges that demand innovative strategies and a fundamental shift in mindset. This white paper contrasts the impact of the 2008 recession on the retail sector with the current headwinds retailers are grappling with, while offering a comprehensive roadmap for success in this new paradigm.
How MJ Global Leads the Packaging Industry.pdfMJ Global
MJ Global's success in staying ahead of the curve in the packaging industry is a testament to its dedication to innovation, sustainability, and customer-centricity. By embracing technological advancements, leading in eco-friendly solutions, collaborating with industry leaders, and adapting to evolving consumer preferences, MJ Global continues to set new standards in the packaging sector.
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
IMPACT Silver is a pure silver zinc producer with over $260 million in revenue since 2008 and a large 100% owned 210km Mexico land package - 2024 catalysts includes new 14% grade zinc Plomosas mine and 20,000m of fully funded exploration drilling.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...ABHILASH DUTTA
This presentation provides a thorough examination of Over-the-Top (OTT) platforms, focusing on their development and substantial influence on the entertainment industry, with a particular emphasis on the Indian market.We begin with an introduction to OTT platforms, defining them as streaming services that deliver content directly over the internet, bypassing traditional broadcast channels. These platforms offer a variety of content, including movies, TV shows, and original productions, allowing users to access content on-demand across multiple devices.The historical context covers the early days of streaming, starting with Netflix's inception in 1997 as a DVD rental service and its transition to streaming in 2007. The presentation also highlights India's television journey, from the launch of Doordarshan in 1959 to the introduction of Direct-to-Home (DTH) satellite television in 2000, which expanded viewing choices and set the stage for the rise of OTT platforms like Big Flix, Ditto TV, Sony LIV, Hotstar, and Netflix. The business models of OTT platforms are explored in detail. Subscription Video on Demand (SVOD) models, exemplified by Netflix and Amazon Prime Video, offer unlimited content access for a monthly fee. Transactional Video on Demand (TVOD) models, like iTunes and Sky Box Office, allow users to pay for individual pieces of content. Advertising-Based Video on Demand (AVOD) models, such as YouTube and Facebook Watch, provide free content supported by advertisements. Hybrid models combine elements of SVOD and AVOD, offering flexibility to cater to diverse audience preferences.
Content acquisition strategies are also discussed, highlighting the dual approach of purchasing broadcasting rights for existing films and TV shows and investing in original content production. This section underscores the importance of a robust content library in attracting and retaining subscribers.The presentation addresses the challenges faced by OTT platforms, including the unpredictability of content acquisition and audience preferences. It emphasizes the difficulty of balancing content investment with returns in a competitive market, the high costs associated with marketing, and the need for continuous innovation and adaptation to stay relevant.
The impact of OTT platforms on the Bollywood film industry is significant. The competition for viewers has led to a decrease in cinema ticket sales, affecting the revenue of Bollywood films that traditionally rely on theatrical releases. Additionally, OTT platforms now pay less for film rights due to the uncertain success of films in cinemas.
Looking ahead, the future of OTT in India appears promising. The market is expected to grow by 20% annually, reaching a value of ₹1200 billion by the end of the decade. The increasing availability of affordable smartphones and internet access will drive this growth, making OTT platforms a primary source of entertainment for many viewers.
Top mailing list providers in the USA.pptxJeremyPeirce1
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraAvirahi City Dholera
The Tata Group, a titan of Indian industry, is making waves with its advanced talks with Taiwanese chipmakers Powerchip Semiconductor Manufacturing Corporation (PSMC) and UMC Group. The goal? Establishing a cutting-edge semiconductor fabrication unit (fab) in Dholera, Gujarat. This isn’t just any project; it’s a potential game changer for India’s chipmaking aspirations and a boon for investors seeking promising residential projects in dholera sir.
Visit : https://www.avirahi.com/blog/tata-group-dials-taiwan-for-its-chipmaking-ambition-in-gujarats-dholera/
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Case study on JP Morgan Chase & Co
1. Case Study: Information Security Risk Analysis on the
Cyberattack on J.P. Morgan Chase & Co.
Written by: Badejo, Victor Oluwajuwon
14th
February, 2016
2. Abstract
In whatis consideredbymanytobe one of the biggestbreachesinhistory, the cyberattackonJPMorgan
Chase & Co in July2014, has leftmanywithquestionsaboutthe overall securityof our cyberspace. The
attack was made publicinSeptember2014 but was discoveredbythe bank'ssecurityteaminlate July
2014, andwas not completelyhalteduntil the middle of August. Thiscase studyshowsinitsanalysis
that over76 Millioncustomeraccounts were exposed whendedicatedcriminals exploitedvulnerabilities
at the Workstation,LAN aswell asRemote accessdomainsof the company’sITinfrastructure.Failure to
turn on twofactor authenticationonaserver,the hackers eventuallygained high-leveladministrative
privilegesintothe bank.Over90 of the bank’sserverswere affected. Giventhe level of sophisticationof
the attack, it isbelieved thatthe attack was plannedformonthsandmay have involvedsome
coordinationorassistance froma foreigngovernment.
Furtheranalysiswere able tohelp narrow downthe breachto thatof confidentiality.It laterbreaks
downthe attack intothreat,vulnerabilityandthreataction.It proposesmitigationtechniques likemore
hardeningof networksystemstoavoidre occurrence.Italsoprovides countermeasureslikesecurity
freeze, todeal withthe riskthatoccurred andto handle future threatsresultingfromthe cyberattack.
The data breach at J.P.Morgan Chase is yetanotherexample of how ourmostsensitivepersonal
informationisindanger.
Key Terms
Confidentiality,cyberattack, workstationdomain,LAN domain, remoteaccessdomain, spearphishing,
boilerplate advice,twofactorauthentication.
3. 1. Introduction
J.P.Morgan Chase & Co. is one of the world'sbiggestbanksthatcontrolstotal assetsworthmore than
$2.59 Trillion. The Companyisengagedininvestmentbanking,financialservicesforconsumerswith
small businesses,commercial banking,financialtransactionprocessingandassetmanagement.J.P.
Morgan Chase'sactivitiesare organizedintofourbusinesssegments.The Company'sConsumer&
CommunityBankingsegment,The Corporate &InvestmentBank,The Commercial Banking(CB) andThe
AssetManagementsegment. (The NewYorkTimesCompany,2008).It is alsothe world’ssixthlargest
bankin termsof total assets.A bankwithsuch a record woulddefinitelybe aprime targetfor
cybercriminals.Byspendingmillionsannuallyonsecurity,the bankhasmaintainedahighlevel of
performance overthe years.
In July2014, the largestbank inthe UnitedStatesfell victimof awell-plannedcyberattack. The hackers
compromisedthe accountsof 76 millionhouseholdsand7millionsmall businesses.“Names,addresses,
phone numbersandemail addressesof the holdersandsmall businessaccounts,83in total, were
exposedwhencomputersystemsatJ.P.Morgan Chase & Co were compromisedbyhackers,makingit
one of the biggestdatabreachesinhistory”(Agrawal,2014).IntrusionwhichbeganinJune andwasn’t
discovered until Julygoestoshow the depthof the breach. “By the time the bank’ssecurityteam
discoveredthe breachinlate July,hackershadalreadyobtainedthe highestlevel of administrative
privilegetodozensof the bank’scomputerservers.”(Silver-Greenberg,2014).The fact that ittook
authoritiessuchatime to detectthe attack showshow vulnerableJ.P.Morganandother financial
institutionsare tocybercrime.
4. 2. Analysis
The cyberattack onJ.P. Morgan exposednew levelsof vulnerabilitiestofinancial institutions.Previous
breachesat bankshad involvedtheftof personal identificationnumbersforATMaccounts,not
burrowingdeepintothe internal workingsof bank’scomputersystems.(Silver-Greenberg,2014).Prior
to the attack, financial institutionswere considered safe because of theirinvestmentsinmitigating
online threatsaswell asintrainingsecuritystaff.Thismade itdifficulttodetectthe breach,asit
exploitedvulnerabilitiesthe companyhadprobablyconsideredasresidual risk.
The hackers were able toobtaina listof applicationsandprogramsthatran onthe bank’scomputers
and createda road map usingvulnerabilitiesintheseprogramsandapplications,asan entrypointinto
the bank’ssystems.The cybercriminalsgainedhighlevelaccessintothe company’ssystems, butthe
bankwas able to detectand stop the hackersbefore theycouldsiphoncustomeraccounts.
2.1 AddressingCIA
Confidentiality
Clearly,the cyberattackonJ.P. Morgan Chase & Co,was a breachof confidentiality. “The hackerswere
able to reviewinformationaboutamillioncustomeraccountsandgain accessto a listof the software
applicationsinstalledonthe bank’scomputers”.(Goldstein,2014).The goal of confidentialityisto
ensure the protectionof private and/orpersonal information, J.P.MorganChase &Co. clearlyfailedto
protectthe informationof itscustomers.
Althoughitmightbe difficulttofindeverylastvulnerabilities,below isbreakdownof the attackinto
threat,vulnerabilityand threataction.
Threat Vulnerability Threat Action
(WorkstationDomain)
(Unintentional
Threats)
Uninformed
Employees(lacking
propersecurity
training)
SessionHijackingasa
resultof Improper
securitymeasures
outdatedpatchingof
programsand
applications
Malware installationdueto
outdatedantivirus
Undetectedand
unauthorizedaccessto
programsand applications
that interactwithservers
on the network through
the workstation
(LAN Domain)
(IntentionalThreats)
Hackers
Failure toupgrade one of
itsnetworkservers
Two factor
authenticationswitched
off on a server
NewPatchesnotapplied
Accessto insecure server
throughwhichfurther
confidentialinformation
was retrieved
Names,Addresses,Phone
numbersand e-mail
addressesof 83 million
account holdershadbeen
exposed
5. The possibilitythatcrooks
mightbe able to produce
more convincingphishing
attacks usingthe stolen
information.
(Remote AccessDomain)
(IntentionalThreats)
Hackers
Failure tocheck login
passwordsforcase
sensitivityonwebsite
Remote accessto the
company’swebsite by
unauthorizeduserswhoin
turn stole valuable
information.
2.2 Addressingthe Typical IT Infrastructure Domains.
2.2.1 WorkstationDomain
The hackers were able toexploitthe vulnerabilitiesatthe workstationdomainandeventuallygained
access to programsand applicationsinstalledonJ.P.Morgan’ssystems.Thisthreatactioncouldhave
beenpossiblethroughsessionhijackingof aninactive user.Once the hackerswere able togetaccessto
the listof programs and applicationsrunningonthe systems,theythencrosscheckedtheseprograms
for furthervulnerabilitiesi.e.securityweaknesses. Itcouldhave alsobeenasa resultof an outdated
anti-viruswhichpermittedamalware tobe installedonthe system.The malware’sfunctioncouldhave
beentoread and recordprogramsand applicationsrunninginthe system.Thisthenbecameanentry
pointintothe company’sservers.
2.2.2 LAN Domain.
The hackers thencontinuedtheirexploitof the networkatthe LAN domain as a resultof vulnerabilities
presentthere aswell aftergaininginitial accessthroughthe workstationdomain. “Hackersbroke into
J.P.Morgan's networkthrougha giantsecurityhole leftopen byafailure toswitchontwo-factor
authenticationonanoverlookedserver.Failedtoupgrade one of itsnetworkservers,meantthataccess
was possible withoutknowingacombinationof apassword and the value of a one-time code.The
workingtheoryisthathackersusedcompromisedaccesstothe insecure serverasa launchpad for
attacks againstmore sensitivesystems.”(Leyden,2014)
At thispoint, the hackersalreadyhada strong footholdwithaccesstologincredentials,highlevel
passwords,aswell asthe listof all programsand applications.The attackcouldtherefore be continued
remotelyanditwasonlya matter of time before the hackerswere able tobreak into90 serversinthe
company,therebygainingaccesstomillionsof customerdetails.
2.2.3 Remote Access Domain.
The website fora corporate challenge organizedbythe bank,whichwas managedbya thirdparty was
attackedas well. “Followingthe bank’sinvestigation,itwasdiscoveredthatthe hackershad
compromisedsome user’s loginandpassworddetailstothe website. Afterthe Corporate Challenge
attack, J.P.Morgan senta letterto some website userssayingthatithad discoveredthathackershad
compromisedlogincredentialsandpasswords.Butthe bankdoesnotbelieve thatthe websiteattack
6. was the entrypointforthe broader intrusionintoJ.P.Morgan’snetwork.”(The New YorkTimes
Company,2008)
The remote accessdomainwas exploitedasaresultof userswhologgedinintothe company’swebsite
fromvariouslocationsfora corporate challenge organizedbythe bank.Although,the claimbythe bank
mightbe true,it alsopointsto the fact that vulnerabilitiesinthe site wasexploitedbyhackerswho used
remote accessas an entrypointto the bank’ssystems.The levelof penetrationiswhatisleftunknown.
Some userscomplainedinthe commentsectionof the New YorkTimespublicationthat,the website
was notcase sensitiveinreceivingpasswords. Accordingtoa particularwoman,“There isan ongoing
securityissue where the application (website)isnotcheckingthe loginpasswordsforcase sensitivity.I
am able to logintomy account irrespective of whetherI enteruppercase or lowercase alphabets. This
isa majorsecurityriskandchase doesn'tseemtohave beenbotheredaboutit.Ihave openedaticket
withcustomerservice buthaven'theardbackfrom them.”
2.3 MitigationTechniques
The vulnerabilities thatwere exploitedcanbe categorized intotwomaingroups.
Disclosure:A situationwhereby unauthorizedusers gainaccesstoinformationorinformation
systems.
Interception:A situationwherebyunauthorizeduserscopyinformationfromserversoron
networks.
The bank couldhave avoidedthe attackif it had considered the following:
i. Employee awareness:More attentionshouldbe giventothe trainingof staff astheyare
more susceptible toreveal personal informationwithoutrealizingit.Regularpractice based
testswouldensure employeesare uptodate withthe vulnerabilitiesassociatedwiththeir
jobs.The hackersmost likelygotthe listof all programsrunningonthe bank’ssystems
throughan employee’sworkcomputer. Betteremployee awarenesscouldhave prevented
disclosure.
ii. Hardeningnetworkoperatingsystemsandnetworkdevices:If properpatcheswere applied
regularly,the level of accessof the attackerscouldhave beenreduce andthe bank would
have avoidedthe breachof itsservers.Failure toswitchontwofactor authentication
shouldn’tbe happeningatsucha large organization.Thisultimatelycouldhave prevented
Interception.
2.3.1 Countermeasures
The analysisclearlyshowsthatthe banksufferedaconfidentialitybreach.The bestwaytomitigate such
a losswouldbe to lookintopossible furtherthreatsthatcouldoccur withthe informationgathered.We
wouldtherefore lookattwomain ways to reduce the impactof the loss.
i. SecurityFreeze
ii. BoilerPlate Advice
7. Security Freeze:“A CreditFreeze,alsoknownasaSecurityFreeze, isawayfor youto have maximum
control of accessto your credit.A more dramatic stepto protectyourcredit.”(TransUnion,2016). A
Securityfreeze wouldbe agoodcountermeasure forcustomersof J.P.Morganaftersuch a hack on the
company. Securityfreezesare basically designedtopreventacreditreportingcompanyfromreleasing
your creditreportwithoutyourconsent. While itinterfereswiththe timelyapprovalof anysubsequent
requestorapplicationyoumake regardinganew loan,credit,mortgage,governmentservicesor
payments, utilities orotherservices,iteliminatesanymonetarylossof the customer’smoneyduring
thisperiod. (SecurityFreeze)
BoilerPlate Advice:Afterthe hack,J.P.Morgan advisedcustomersonitswebsitethatitdoesnot
believetheyneedtochange theirpasswordsoraccount information.Thisseemslike awrongdecision. A
template thatstatesthe waysof protectingthemselvesfromphishingattacks shouldbe distributedto
customers.“Regularlymonitorall of youraccounts;read everytransactiononyourcreditstatement
everymonth;andcheck eachof yourthree creditreportsregularly,whichyouare allowedtodofree at
leastonce a year.” (Bernard,2014)
3. Conclusion
What the hackersare planningto do withthe data fromJ.P. Morgan remainsunknown.The biggestrisk
isthat they will tryto extractmore sensitive informationfromaffectedconsumers. “Itispossible that
the thievescouldsell the J.P.Morgandatato others,whocouldthencombine itwithpubliclyavailable
information,foundthroughcensusdataor social media”,saidPamDixon,executive director atthe
WorldPrivacyForum.What thismeansis thatalthoughthe hack has beendetectedandstopped,
customersof J.P.Morgan are still likely tobe victimsof spearphishing.
3.1 SilverLining
Despite the factthat over76 millionaccountswere affectedbythe hack,there are still some positivesto
note. A good pointto note,isthe fact that no monetarylosswasincurredbythe customersaffected.
Although,the factthat nomoneywastakendidnot necessarilymeanitwasa case of state-sponsored
espionage, itcouldmeanhackerswere able toaccess a call logof whoto victimize, butwere detected
and couldn’tsiphoncustomeraccounts.A logof whoto victimize wasstolen,butthatitself isnot
enoughtosteal someone’sidentity. AccordingtoKristinLemkau,aJ.P.Morgan spokeswoman.“We are
confidentwe have closedanyknownaccesspointsandpreventedany future accessinthe same way”
(Goldstein,2014).Ms. Lemkauaddedthat the bankhad “not seenanyunusual fraudactivity”since the
intrusionwasdiscoveredandsaidthatthere was“no evidence thattheyhave takenanyproprietary
software”orhad a “blueprint”of the bank’scomputernetwork"(Goldstein,2014).
Goldstein,2014, asksa goodquestion,“Have some othertrapdoorsbeenleftoverthatcan be
accessed?”The claimisthat there isno evidence of breachof closelyguardedinformation.Absence of
evidence howeverdoesnotconstitute evidence of absence. AccordingtoBruce Schneier, “Securityis
out of your control,the onlythingyoucan do isagitate for lawsaboutregulatingthird-partyuse of your
data and howthey store it,use it and collectit”(Bernard,2014)
8. References
Bernard,T. S. (2014, October3). Waysto ProtectYourself After theJPMorgan Hacking. Retrievedfrom
The NewYork TimesCompany:http://www.nytimes.com/2014/10/04/your-money/jpmorgan-
chase-hack-ways-to-protect-yourself.html?ref=dealbook
Goldstein,N.P.(2014, September12). AfterBreach,JPMorgan Still Seeksto DetermineExtent of Attack.
RetrievedfromThe NewYorkTimesCompany:
http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to-
determine-extent-of-attack.html?ref=dealbook&_r=0
Leyden,J.(2014, December23). JPMorgan Chasemega-hackwasa simpletwo-factorauth fail.
RetrievedfromThe Register:
http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/
SecurityFreeze. (n.d.).Retrievedfromhttp://www.experian.com/consumer/security_freeze.html
Silver-Greenberg,M.G. (2014, October2). Dealbook.nytimes.com. Retrievedfromnytimes.com:
http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-
issues/?_php=true&_type=blogs&_r=1
Sousa,L. D. (2016, January 26). RiskManagementFundamentals.Vancouver,BritishColumbia,Canada.
Tanya Agrawal,D.H. (2014, October2). ThomsomReuters. RetrievedfromThomsomReuters:
http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003
The NewYork TimesCompany.(2008). The New York Times Company. Retrievedfromnytimes.com:
http://topics.nytimes.com/top/news/business/companies/morgan_j_p_chase_and_company/in
dex.html
TransUnion.(2016). Credit Freeze. RetrievedfromTransUnionLLC: https://www.transunion.com/credit-
freeze/place-credit-freeze
Wikipedia.(2015,December8). Wikipedia.RetrievedfromWikipedia:
https://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach