SlideShare a Scribd company logo

Case study on JP Morgan Chase & Co

Download as DOCX, PDF
V
Victor Oluwajuwon Badejo

A detailed analysis on one of the biggest data breaches in history...What JP Morgan Chase & Co did wrong and proposed mitigation techniques. The data breach at J.P. Morgan Chase is yet another example of how our most sensitive personal information is in danger. .

Business
1 of 8
Case Study: Information Security Risk Analysis on the Cyberattack on J.P. Morgan Chase & Co. Written by: Badejo, Victor Oluwajuwon 14th February, 2016
Abstract In whatis consideredbymanytobe one of the biggestbreachesinhistory, the cyberattackonJPMorgan Chase & Co in July2014, has leftmanywithquestionsaboutthe overall securityof our cyberspace. The attack was made publicinSeptember2014 but was discoveredbythe bank'ssecurityteaminlate July 2014, andwas not completelyhalteduntil the middle of August. Thiscase studyshowsinitsanalysis that over76 Millioncustomeraccounts were exposed whendedicatedcriminals exploitedvulnerabilities at the Workstation,LAN aswell asRemote accessdomainsof the company’sITinfrastructure.Failure to turn on twofactor authenticationonaserver,the hackers eventuallygained high-leveladministrative privilegesintothe bank.Over90 of the bank’sserverswere affected. Giventhe level of sophisticationof the attack, it isbelieved thatthe attack was plannedformonthsandmay have involvedsome coordinationorassistance froma foreigngovernment. Furtheranalysiswere able tohelp narrow downthe breachto thatof confidentiality.It laterbreaks downthe attack intothreat,vulnerabilityandthreataction.It proposesmitigationtechniques likemore hardeningof networksystemstoavoidre occurrence.Italsoprovides countermeasureslikesecurity freeze, todeal withthe riskthatoccurred andto handle future threatsresultingfromthe cyberattack. The data breach at J.P.Morgan Chase is yetanotherexample of how ourmostsensitivepersonal informationisindanger. Key Terms Confidentiality,cyberattack, workstationdomain,LAN domain, remoteaccessdomain, spearphishing, boilerplate advice,twofactorauthentication.
1. Introduction J.P.Morgan Chase & Co. is one of the world'sbiggestbanksthatcontrolstotal assetsworthmore than $2.59 Trillion. The Companyisengagedininvestmentbanking,financialservicesforconsumerswith small businesses,commercial banking,financialtransactionprocessingandassetmanagement.J.P. Morgan Chase'sactivitiesare organizedintofourbusinesssegments.The Company'sConsumer& CommunityBankingsegment,The Corporate &InvestmentBank,The Commercial Banking(CB) andThe AssetManagementsegment. (The NewYorkTimesCompany,2008).It is alsothe world’ssixthlargest bankin termsof total assets.A bankwithsuch a record woulddefinitelybe aprime targetfor cybercriminals.Byspendingmillionsannuallyonsecurity,the bankhasmaintainedahighlevel of performance overthe years. In July2014, the largestbank inthe UnitedStatesfell victimof awell-plannedcyberattack. The hackers compromisedthe accountsof 76 millionhouseholdsand7millionsmall businesses.“Names,addresses, phone numbersandemail addressesof the holdersandsmall businessaccounts,83in total, were exposedwhencomputersystemsatJ.P.Morgan Chase & Co were compromisedbyhackers,makingit one of the biggestdatabreachesinhistory”(Agrawal,2014).IntrusionwhichbeganinJune andwasn’t discovered until Julygoestoshow the depthof the breach. “By the time the bank’ssecurityteam discoveredthe breachinlate July,hackershadalreadyobtainedthe highestlevel of administrative privilegetodozensof the bank’scomputerservers.”(Silver-Greenberg,2014).The fact that ittook authoritiessuchatime to detectthe attack showshow vulnerableJ.P.Morganandother financial institutionsare tocybercrime.
2. Analysis The cyberattack onJ.P. Morgan exposednew levelsof vulnerabilitiestofinancial institutions.Previous breachesat bankshad involvedtheftof personal identificationnumbersforATMaccounts,not burrowingdeepintothe internal workingsof bank’scomputersystems.(Silver-Greenberg,2014).Prior to the attack, financial institutionswere considered safe because of theirinvestmentsinmitigating online threatsaswell asintrainingsecuritystaff.Thismade itdifficulttodetectthe breach,asit exploitedvulnerabilitiesthe companyhadprobablyconsideredasresidual risk. The hackers were able toobtaina listof applicationsandprogramsthatran onthe bank’scomputers and createda road map usingvulnerabilitiesintheseprogramsandapplications,asan entrypointinto the bank’ssystems.The cybercriminalsgainedhighlevelaccessintothe company’ssystems, butthe bankwas able to detectand stop the hackersbefore theycouldsiphoncustomeraccounts. 2.1 AddressingCIA Confidentiality Clearly,the cyberattackonJ.P. Morgan Chase & Co,was a breachof confidentiality. “The hackerswere able to reviewinformationaboutamillioncustomeraccountsandgain accessto a listof the software applicationsinstalledonthe bank’scomputers”.(Goldstein,2014).The goal of confidentialityisto ensure the protectionof private and/orpersonal information, J.P.MorganChase &Co. clearlyfailedto protectthe informationof itscustomers. Althoughitmightbe difficulttofindeverylastvulnerabilities,below isbreakdownof the attackinto threat,vulnerabilityand threataction. Threat Vulnerability Threat Action (WorkstationDomain) (Unintentional Threats)  Uninformed Employees(lacking propersecurity training)  SessionHijackingasa resultof Improper securitymeasures  outdatedpatchingof programsand applications  Malware installationdueto outdatedantivirus  Undetectedand unauthorizedaccessto programsand applications that interactwithservers on the network through the workstation (LAN Domain) (IntentionalThreats)  Hackers  Failure toupgrade one of itsnetworkservers  Two factor authenticationswitched off on a server  NewPatchesnotapplied  Accessto insecure server throughwhichfurther confidentialinformation was retrieved  Names,Addresses,Phone numbersand e-mail addressesof 83 million account holdershadbeen exposed
 The possibilitythatcrooks mightbe able to produce more convincingphishing attacks usingthe stolen information. (Remote AccessDomain) (IntentionalThreats)  Hackers  Failure tocheck login passwordsforcase sensitivityonwebsite  Remote accessto the company’swebsite by unauthorizeduserswhoin turn stole valuable information. 2.2 Addressingthe Typical IT Infrastructure Domains. 2.2.1 WorkstationDomain The hackers were able toexploitthe vulnerabilitiesatthe workstationdomainandeventuallygained access to programsand applicationsinstalledonJ.P.Morgan’ssystems.Thisthreatactioncouldhave beenpossiblethroughsessionhijackingof aninactive user.Once the hackerswere able togetaccessto the listof programs and applicationsrunningonthe systems,theythencrosscheckedtheseprograms for furthervulnerabilitiesi.e.securityweaknesses. Itcouldhave alsobeenasa resultof an outdated anti-viruswhichpermittedamalware tobe installedonthe system.The malware’sfunctioncouldhave beentoread and recordprogramsand applicationsrunninginthe system.Thisthenbecameanentry pointintothe company’sservers. 2.2.2 LAN Domain. The hackers thencontinuedtheirexploitof the networkatthe LAN domain as a resultof vulnerabilities presentthere aswell aftergaininginitial accessthroughthe workstationdomain. “Hackersbroke into J.P.Morgan's networkthrougha giantsecurityhole leftopen byafailure toswitchontwo-factor authenticationonanoverlookedserver.Failedtoupgrade one of itsnetworkservers,meantthataccess was possible withoutknowingacombinationof apassword and the value of a one-time code.The workingtheoryisthathackersusedcompromisedaccesstothe insecure serverasa launchpad for attacks againstmore sensitivesystems.”(Leyden,2014) At thispoint, the hackersalreadyhada strong footholdwithaccesstologincredentials,highlevel passwords,aswell asthe listof all programsand applications.The attackcouldtherefore be continued remotelyanditwasonlya matter of time before the hackerswere able tobreak into90 serversinthe company,therebygainingaccesstomillionsof customerdetails. 2.2.3 Remote Access Domain. The website fora corporate challenge organizedbythe bank,whichwas managedbya thirdparty was attackedas well. “Followingthe bank’sinvestigation,itwasdiscoveredthatthe hackershad compromisedsome user’s loginandpassworddetailstothe website. Afterthe Corporate Challenge attack, J.P.Morgan senta letterto some website userssayingthatithad discoveredthathackershad compromisedlogincredentialsandpasswords.Butthe bankdoesnotbelieve thatthe websiteattack
was the entrypointforthe broader intrusionintoJ.P.Morgan’snetwork.”(The New YorkTimes Company,2008) The remote accessdomainwas exploitedasaresultof userswhologgedinintothe company’swebsite fromvariouslocationsfora corporate challenge organizedbythe bank.Although,the claimbythe bank mightbe true,it alsopointsto the fact that vulnerabilitiesinthe site wasexploitedbyhackerswho used remote accessas an entrypointto the bank’ssystems.The levelof penetrationiswhatisleftunknown. Some userscomplainedinthe commentsectionof the New YorkTimespublicationthat,the website was notcase sensitiveinreceivingpasswords. Accordingtoa particularwoman,“There isan ongoing securityissue where the application (website)isnotcheckingthe loginpasswordsforcase sensitivity.I am able to logintomy account irrespective of whetherI enteruppercase or lowercase alphabets. This isa majorsecurityriskandchase doesn'tseemtohave beenbotheredaboutit.Ihave openedaticket withcustomerservice buthaven'theardbackfrom them.” 2.3 MitigationTechniques The vulnerabilities thatwere exploitedcanbe categorized intotwomaingroups.  Disclosure:A situationwhereby unauthorizedusers gainaccesstoinformationorinformation systems.  Interception:A situationwherebyunauthorizeduserscopyinformationfromserversoron networks. The bank couldhave avoidedthe attackif it had considered the following: i. Employee awareness:More attentionshouldbe giventothe trainingof staff astheyare more susceptible toreveal personal informationwithoutrealizingit.Regularpractice based testswouldensure employeesare uptodate withthe vulnerabilitiesassociatedwiththeir jobs.The hackersmost likelygotthe listof all programsrunningonthe bank’ssystems throughan employee’sworkcomputer. Betteremployee awarenesscouldhave prevented disclosure. ii. Hardeningnetworkoperatingsystemsandnetworkdevices:If properpatcheswere applied regularly,the level of accessof the attackerscouldhave beenreduce andthe bank would have avoidedthe breachof itsservers.Failure toswitchontwofactor authentication shouldn’tbe happeningatsucha large organization.Thisultimatelycouldhave prevented Interception. 2.3.1 Countermeasures The analysisclearlyshowsthatthe banksufferedaconfidentialitybreach.The bestwaytomitigate such a losswouldbe to lookintopossible furtherthreatsthatcouldoccur withthe informationgathered.We wouldtherefore lookattwomain ways to reduce the impactof the loss. i. SecurityFreeze ii. BoilerPlate Advice
Security Freeze:“A CreditFreeze,alsoknownasaSecurityFreeze, isawayfor youto have maximum control of accessto your credit.A more dramatic stepto protectyourcredit.”(TransUnion,2016). A Securityfreeze wouldbe agoodcountermeasure forcustomersof J.P.Morganaftersuch a hack on the company. Securityfreezesare basically designedtopreventacreditreportingcompanyfromreleasing your creditreportwithoutyourconsent. While itinterfereswiththe timelyapprovalof anysubsequent requestorapplicationyoumake regardinganew loan,credit,mortgage,governmentservicesor payments, utilities orotherservices,iteliminatesanymonetarylossof the customer’smoneyduring thisperiod. (SecurityFreeze) BoilerPlate Advice:Afterthe hack,J.P.Morgan advisedcustomersonitswebsitethatitdoesnot believetheyneedtochange theirpasswordsoraccount information.Thisseemslike awrongdecision. A template thatstatesthe waysof protectingthemselvesfromphishingattacks shouldbe distributedto customers.“Regularlymonitorall of youraccounts;read everytransactiononyourcreditstatement everymonth;andcheck eachof yourthree creditreportsregularly,whichyouare allowedtodofree at leastonce a year.” (Bernard,2014) 3. Conclusion What the hackersare planningto do withthe data fromJ.P. Morgan remainsunknown.The biggestrisk isthat they will tryto extractmore sensitive informationfromaffectedconsumers. “Itispossible that the thievescouldsell the J.P.Morgandatato others,whocouldthencombine itwithpubliclyavailable information,foundthroughcensusdataor social media”,saidPamDixon,executive director atthe WorldPrivacyForum.What thismeansis thatalthoughthe hack has beendetectedandstopped, customersof J.P.Morgan are still likely tobe victimsof spearphishing. 3.1 SilverLining Despite the factthat over76 millionaccountswere affectedbythe hack,there are still some positivesto note. A good pointto note,isthe fact that no monetarylosswasincurredbythe customersaffected. Although,the factthat nomoneywastakendidnot necessarilymeanitwasa case of state-sponsored espionage, itcouldmeanhackerswere able toaccess a call logof whoto victimize, butwere detected and couldn’tsiphoncustomeraccounts.A logof whoto victimize wasstolen,butthatitself isnot enoughtosteal someone’sidentity. AccordingtoKristinLemkau,aJ.P.Morgan spokeswoman.“We are confidentwe have closedanyknownaccesspointsandpreventedany future accessinthe same way” (Goldstein,2014).Ms. Lemkauaddedthat the bankhad “not seenanyunusual fraudactivity”since the intrusionwasdiscoveredandsaidthatthere was“no evidence thattheyhave takenanyproprietary software”orhad a “blueprint”of the bank’scomputernetwork"(Goldstein,2014). Goldstein,2014, asksa goodquestion,“Have some othertrapdoorsbeenleftoverthatcan be accessed?”The claimisthat there isno evidence of breachof closelyguardedinformation.Absence of evidence howeverdoesnotconstitute evidence of absence. AccordingtoBruce Schneier, “Securityis out of your control,the onlythingyoucan do isagitate for lawsaboutregulatingthird-partyuse of your data and howthey store it,use it and collectit”(Bernard,2014)
References Bernard,T. S. (2014, October3). Waysto ProtectYourself After theJPMorgan Hacking. Retrievedfrom The NewYork TimesCompany:http://www.nytimes.com/2014/10/04/your-money/jpmorgan- chase-hack-ways-to-protect-yourself.html?ref=dealbook Goldstein,N.P.(2014, September12). AfterBreach,JPMorgan Still Seeksto DetermineExtent of Attack. RetrievedfromThe NewYorkTimesCompany: http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to- determine-extent-of-attack.html?ref=dealbook&_r=0 Leyden,J.(2014, December23). JPMorgan Chasemega-hackwasa simpletwo-factorauth fail. RetrievedfromThe Register: http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ SecurityFreeze. (n.d.).Retrievedfromhttp://www.experian.com/consumer/security_freeze.html Silver-Greenberg,M.G. (2014, October2). Dealbook.nytimes.com. Retrievedfromnytimes.com: http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security- issues/?_php=true&_type=blogs&_r=1 Sousa,L. D. (2016, January 26). RiskManagementFundamentals.Vancouver,BritishColumbia,Canada. Tanya Agrawal,D.H. (2014, October2). ThomsomReuters. RetrievedfromThomsomReuters: http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003 The NewYork TimesCompany.(2008). The New York Times Company. Retrievedfromnytimes.com: http://topics.nytimes.com/top/news/business/companies/morgan_j_p_chase_and_company/in dex.html TransUnion.(2016). Credit Freeze. RetrievedfromTransUnionLLC: https://www.transunion.com/credit- freeze/place-credit-freeze Wikipedia.(2015,December8). Wikipedia.RetrievedfromWikipedia: https://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach

Recommended

WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
Shubham Dubey
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
PECB
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: Wannacry
Mikel Solabarrieta
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
Tal Be'ery
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
Hadeel Sadiq Obaid
 
Ransomware
RansomwareRansomware
Ransomware
m3 Networks Limited
 

Recommended

WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
Abdelhakim Salama
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
Shubham Dubey
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
PECB
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: Wannacry
Mikel Solabarrieta
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
Tal Be'ery
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
Hadeel Sadiq Obaid
 
Ransomware
RansomwareRansomware
Ransomware
m3 Networks Limited
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
seadeloitte
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
Tapan Khilar
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentation
Hernan Huwyler
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
Stephen Lahanas
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Muhammad Zeeshan Muzaffar
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
Quick Heal Technologies Ltd.
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
Harsh Bhanushali
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
samprada123
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
AmineRached2
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attack
rohit2495
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
Semir Ibrahimovic
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
Er. Shiva K. Shrestha
 
Computer crime
Computer crimeComputer crime
Computer crime
Uc Man
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
Parth Makadiya
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh
 
J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case study
Annapurna Sinha
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPT
Vijay Mehta
 

More Related Content

What's hot

WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
seadeloitte
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
Tapan Khilar
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentation
Hernan Huwyler
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
Stephen Lahanas
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Muhammad Zeeshan Muzaffar
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
Quick Heal Technologies Ltd.
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
Harsh Bhanushali
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
samprada123
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
AmineRached2
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attack
rohit2495
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
Semir Ibrahimovic
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
Er. Shiva K. Shrestha
 
Computer crime
Computer crimeComputer crime
Computer crime
Uc Man
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
Parth Makadiya
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
Inderjeet Singh
 

What's hot (20)

WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
Fraud Detection presentation
Fraud Detection presentationFraud Detection presentation
Fraud Detection presentation
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
cyber security
cyber securitycyber security
cyber security
 
Seminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attackSeminar on yahoo mail cyber attack
Seminar on yahoo mail cyber attack
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Computer crime
Computer crimeComputer crime
Computer crime
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 

Viewers also liked

J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case study
Annapurna Sinha
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPT
Vijay Mehta
 
JP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factorsJP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factors
AbhiJeet Singh
 
Jp morgan final ppt
Jp morgan final pptJp morgan final ppt
Jp morgan final ppt
Krishma Sandesra
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment Report
Divya Kothari
 
Jp Morgan Case Study Final
Jp Morgan Case Study FinalJp Morgan Case Study Final
Jp Morgan Case Study Final
BERHMANI Samuel
 
Jp morgan chase
Jp morgan chaseJp morgan chase
Jp morgan chase
HARSH PATHAK
 
JP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS CaseJP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS Case
Tiziano Tassi
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
Steve Bishop
 
Jp morgan sit
Jp morgan sitJp morgan sit
Jp morgan sit
jpcampbell10
 
Insider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic CrisisInsider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic Crisis
Terry Coulon
 
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Rajesh Prabhakar
 
Viewcontent
ViewcontentViewcontent
Viewcontent
WAQAR AHMED
 
Jpmorgan chase
Jpmorgan chaseJpmorgan chase
Jpmorgan chase
Nishant Sinha
 
EVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider tradingEVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider trading
Michele Collu
 
Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)
Pavel Luksha
 
JPMorgan Chase Change Initiative
JPMorgan Chase Change InitiativeJPMorgan Chase Change Initiative
JPMorgan Chase Change Initiative
Ali Akbar Sahiwala
 
Social Media Strategy for Retention and Sales
Social Media Strategy for Retention and SalesSocial Media Strategy for Retention and Sales
Social Media Strategy for Retention and Sales
WebLink International
 
Example security risk assessment tool july 2010
Example security risk assessment tool july 2010Example security risk assessment tool july 2010
Example security risk assessment tool july 2010
WarrenGreen
 
About Jp Morgan Chase
About Jp Morgan ChaseAbout Jp Morgan Chase
About Jp Morgan Chase
Hantulga G
 

Viewers also liked (20)

J.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case studyJ.P Morgan Chase & Company Case study
J.P Morgan Chase & Company Case study
 
J. p morgan project PPT
J. p morgan project PPTJ. p morgan project PPT
J. p morgan project PPT
 
JP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factorsJP Morgan & Chase: IT Strategy and Key Success factors
JP Morgan & Chase: IT Strategy and Key Success factors
 
Jp morgan final ppt
Jp morgan final pptJp morgan final ppt
Jp morgan final ppt
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment Report
 
Jp Morgan Case Study Final
Jp Morgan Case Study FinalJp Morgan Case Study Final
Jp Morgan Case Study Final
 
Jp morgan chase
Jp morgan chaseJp morgan chase
Jp morgan chase
 
JP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS CaseJP Morgan & Chase - OneBench IS Case
JP Morgan & Chase - OneBench IS Case
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 
Jp morgan sit
Jp morgan sitJp morgan sit
Jp morgan sit
 
Insider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic CrisisInsider Trading and the 08 Economic Crisis
Insider Trading and the 08 Economic Crisis
 
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
Case Study: Social Media Marketing Strategy @ JPMorgan Chase – Customer Servi...
 
Viewcontent
ViewcontentViewcontent
Viewcontent
 
Jpmorgan chase
Jpmorgan chaseJpmorgan chase
Jpmorgan chase
 
EVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider tradingEVERFI Webinar: The latest supreme court rulings on insider trading
EVERFI Webinar: The latest supreme court rulings on insider trading
 
Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)Creation of Credit Default Swap Market as Niche Construction (Russian)
Creation of Credit Default Swap Market as Niche Construction (Russian)
 
JPMorgan Chase Change Initiative
JPMorgan Chase Change InitiativeJPMorgan Chase Change Initiative
JPMorgan Chase Change Initiative
 
Social Media Strategy for Retention and Sales
Social Media Strategy for Retention and SalesSocial Media Strategy for Retention and Sales
Social Media Strategy for Retention and Sales
 
Example security risk assessment tool july 2010
Example security risk assessment tool july 2010Example security risk assessment tool july 2010
Example security risk assessment tool july 2010
 
About Jp Morgan Chase
About Jp Morgan ChaseAbout Jp Morgan Chase
About Jp Morgan Chase
 

Similar to Case study on JP Morgan Chase & Co

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
HiYeti1
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
Chukwunonso Okoro, CFE, CAMS, CRISC
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
manoharparakh
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
malvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
malvvv
 
Research a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docxResearch a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docx
mtruman1
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
Vertex Holdings
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept
*****Dominic A Ienco
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
Shallu Behar-Sheehan FCIM
 
Retail
Retail Retail
Retail
CMR WORLD TECH
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
GGV Capital
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
arnoldmeredith47041
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
Marco Morana
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
Cognizant
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
- Mark - Fullbright
 
Tackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testingTackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testing
Cigniti Technologies Ltd
 
C018131821
C018131821C018131821
C018131821
IOSR Journals
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
karenahmanny4c
 

Similar to Case study on JP Morgan Chase & Co (20)

Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Research a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docxResearch a case that has been in the news in the last few years where.docx
Research a case that has been in the news in the last few years where.docx
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
Retail
Retail Retail
Retail
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Owasp e crime-london-2012-final
Owasp e crime-london-2012-finalOwasp e crime-london-2012-final
Owasp e crime-london-2012-final
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013McAFEE LABS THREATS REPORT - Fourth Quarter 2013
McAFEE LABS THREATS REPORT - Fourth Quarter 2013
 
Tackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testingTackling the maze ransomware attack with security testing
Tackling the maze ransomware attack with security testing
 
C018131821
C018131821C018131821
C018131821
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
 

Recently uploaded

Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
Adnet Communications
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
Corey Perlman, Social Media Speaker and Consultant
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
ssuser567e2d
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
MJ Global
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
bosssp10
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
ABHILASH DUTTA
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 

Recently uploaded (20)

Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
 
Chapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .pptChapter 7 Final business management sciences .ppt
Chapter 7 Final business management sciences .ppt
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 

Case study on JP Morgan Chase & Co

  • 1. Case Study: Information Security Risk Analysis on the Cyberattack on J.P. Morgan Chase & Co. Written by: Badejo, Victor Oluwajuwon 14th February, 2016
  • 2. Abstract In whatis consideredbymanytobe one of the biggestbreachesinhistory, the cyberattackonJPMorgan Chase & Co in July2014, has leftmanywithquestionsaboutthe overall securityof our cyberspace. The attack was made publicinSeptember2014 but was discoveredbythe bank'ssecurityteaminlate July 2014, andwas not completelyhalteduntil the middle of August. Thiscase studyshowsinitsanalysis that over76 Millioncustomeraccounts were exposed whendedicatedcriminals exploitedvulnerabilities at the Workstation,LAN aswell asRemote accessdomainsof the company’sITinfrastructure.Failure to turn on twofactor authenticationonaserver,the hackers eventuallygained high-leveladministrative privilegesintothe bank.Over90 of the bank’sserverswere affected. Giventhe level of sophisticationof the attack, it isbelieved thatthe attack was plannedformonthsandmay have involvedsome coordinationorassistance froma foreigngovernment. Furtheranalysiswere able tohelp narrow downthe breachto thatof confidentiality.It laterbreaks downthe attack intothreat,vulnerabilityandthreataction.It proposesmitigationtechniques likemore hardeningof networksystemstoavoidre occurrence.Italsoprovides countermeasureslikesecurity freeze, todeal withthe riskthatoccurred andto handle future threatsresultingfromthe cyberattack. The data breach at J.P.Morgan Chase is yetanotherexample of how ourmostsensitivepersonal informationisindanger. Key Terms Confidentiality,cyberattack, workstationdomain,LAN domain, remoteaccessdomain, spearphishing, boilerplate advice,twofactorauthentication.
  • 3. 1. Introduction J.P.Morgan Chase & Co. is one of the world'sbiggestbanksthatcontrolstotal assetsworthmore than $2.59 Trillion. The Companyisengagedininvestmentbanking,financialservicesforconsumerswith small businesses,commercial banking,financialtransactionprocessingandassetmanagement.J.P. Morgan Chase'sactivitiesare organizedintofourbusinesssegments.The Company'sConsumer& CommunityBankingsegment,The Corporate &InvestmentBank,The Commercial Banking(CB) andThe AssetManagementsegment. (The NewYorkTimesCompany,2008).It is alsothe world’ssixthlargest bankin termsof total assets.A bankwithsuch a record woulddefinitelybe aprime targetfor cybercriminals.Byspendingmillionsannuallyonsecurity,the bankhasmaintainedahighlevel of performance overthe years. In July2014, the largestbank inthe UnitedStatesfell victimof awell-plannedcyberattack. The hackers compromisedthe accountsof 76 millionhouseholdsand7millionsmall businesses.“Names,addresses, phone numbersandemail addressesof the holdersandsmall businessaccounts,83in total, were exposedwhencomputersystemsatJ.P.Morgan Chase & Co were compromisedbyhackers,makingit one of the biggestdatabreachesinhistory”(Agrawal,2014).IntrusionwhichbeganinJune andwasn’t discovered until Julygoestoshow the depthof the breach. “By the time the bank’ssecurityteam discoveredthe breachinlate July,hackershadalreadyobtainedthe highestlevel of administrative privilegetodozensof the bank’scomputerservers.”(Silver-Greenberg,2014).The fact that ittook authoritiessuchatime to detectthe attack showshow vulnerableJ.P.Morganandother financial institutionsare tocybercrime.
  • 4. 2. Analysis The cyberattack onJ.P. Morgan exposednew levelsof vulnerabilitiestofinancial institutions.Previous breachesat bankshad involvedtheftof personal identificationnumbersforATMaccounts,not burrowingdeepintothe internal workingsof bank’scomputersystems.(Silver-Greenberg,2014).Prior to the attack, financial institutionswere considered safe because of theirinvestmentsinmitigating online threatsaswell asintrainingsecuritystaff.Thismade itdifficulttodetectthe breach,asit exploitedvulnerabilitiesthe companyhadprobablyconsideredasresidual risk. The hackers were able toobtaina listof applicationsandprogramsthatran onthe bank’scomputers and createda road map usingvulnerabilitiesintheseprogramsandapplications,asan entrypointinto the bank’ssystems.The cybercriminalsgainedhighlevelaccessintothe company’ssystems, butthe bankwas able to detectand stop the hackersbefore theycouldsiphoncustomeraccounts. 2.1 AddressingCIA Confidentiality Clearly,the cyberattackonJ.P. Morgan Chase & Co,was a breachof confidentiality. “The hackerswere able to reviewinformationaboutamillioncustomeraccountsandgain accessto a listof the software applicationsinstalledonthe bank’scomputers”.(Goldstein,2014).The goal of confidentialityisto ensure the protectionof private and/orpersonal information, J.P.MorganChase &Co. clearlyfailedto protectthe informationof itscustomers. Althoughitmightbe difficulttofindeverylastvulnerabilities,below isbreakdownof the attackinto threat,vulnerabilityand threataction. Threat Vulnerability Threat Action (WorkstationDomain) (Unintentional Threats)  Uninformed Employees(lacking propersecurity training)  SessionHijackingasa resultof Improper securitymeasures  outdatedpatchingof programsand applications  Malware installationdueto outdatedantivirus  Undetectedand unauthorizedaccessto programsand applications that interactwithservers on the network through the workstation (LAN Domain) (IntentionalThreats)  Hackers  Failure toupgrade one of itsnetworkservers  Two factor authenticationswitched off on a server  NewPatchesnotapplied  Accessto insecure server throughwhichfurther confidentialinformation was retrieved  Names,Addresses,Phone numbersand e-mail addressesof 83 million account holdershadbeen exposed
  • 5.  The possibilitythatcrooks mightbe able to produce more convincingphishing attacks usingthe stolen information. (Remote AccessDomain) (IntentionalThreats)  Hackers  Failure tocheck login passwordsforcase sensitivityonwebsite  Remote accessto the company’swebsite by unauthorizeduserswhoin turn stole valuable information. 2.2 Addressingthe Typical IT Infrastructure Domains. 2.2.1 WorkstationDomain The hackers were able toexploitthe vulnerabilitiesatthe workstationdomainandeventuallygained access to programsand applicationsinstalledonJ.P.Morgan’ssystems.Thisthreatactioncouldhave beenpossiblethroughsessionhijackingof aninactive user.Once the hackerswere able togetaccessto the listof programs and applicationsrunningonthe systems,theythencrosscheckedtheseprograms for furthervulnerabilitiesi.e.securityweaknesses. Itcouldhave alsobeenasa resultof an outdated anti-viruswhichpermittedamalware tobe installedonthe system.The malware’sfunctioncouldhave beentoread and recordprogramsand applicationsrunninginthe system.Thisthenbecameanentry pointintothe company’sservers. 2.2.2 LAN Domain. The hackers thencontinuedtheirexploitof the networkatthe LAN domain as a resultof vulnerabilities presentthere aswell aftergaininginitial accessthroughthe workstationdomain. “Hackersbroke into J.P.Morgan's networkthrougha giantsecurityhole leftopen byafailure toswitchontwo-factor authenticationonanoverlookedserver.Failedtoupgrade one of itsnetworkservers,meantthataccess was possible withoutknowingacombinationof apassword and the value of a one-time code.The workingtheoryisthathackersusedcompromisedaccesstothe insecure serverasa launchpad for attacks againstmore sensitivesystems.”(Leyden,2014) At thispoint, the hackersalreadyhada strong footholdwithaccesstologincredentials,highlevel passwords,aswell asthe listof all programsand applications.The attackcouldtherefore be continued remotelyanditwasonlya matter of time before the hackerswere able tobreak into90 serversinthe company,therebygainingaccesstomillionsof customerdetails. 2.2.3 Remote Access Domain. The website fora corporate challenge organizedbythe bank,whichwas managedbya thirdparty was attackedas well. “Followingthe bank’sinvestigation,itwasdiscoveredthatthe hackershad compromisedsome user’s loginandpassworddetailstothe website. Afterthe Corporate Challenge attack, J.P.Morgan senta letterto some website userssayingthatithad discoveredthathackershad compromisedlogincredentialsandpasswords.Butthe bankdoesnotbelieve thatthe websiteattack
  • 6. was the entrypointforthe broader intrusionintoJ.P.Morgan’snetwork.”(The New YorkTimes Company,2008) The remote accessdomainwas exploitedasaresultof userswhologgedinintothe company’swebsite fromvariouslocationsfora corporate challenge organizedbythe bank.Although,the claimbythe bank mightbe true,it alsopointsto the fact that vulnerabilitiesinthe site wasexploitedbyhackerswho used remote accessas an entrypointto the bank’ssystems.The levelof penetrationiswhatisleftunknown. Some userscomplainedinthe commentsectionof the New YorkTimespublicationthat,the website was notcase sensitiveinreceivingpasswords. Accordingtoa particularwoman,“There isan ongoing securityissue where the application (website)isnotcheckingthe loginpasswordsforcase sensitivity.I am able to logintomy account irrespective of whetherI enteruppercase or lowercase alphabets. This isa majorsecurityriskandchase doesn'tseemtohave beenbotheredaboutit.Ihave openedaticket withcustomerservice buthaven'theardbackfrom them.” 2.3 MitigationTechniques The vulnerabilities thatwere exploitedcanbe categorized intotwomaingroups.  Disclosure:A situationwhereby unauthorizedusers gainaccesstoinformationorinformation systems.  Interception:A situationwherebyunauthorizeduserscopyinformationfromserversoron networks. The bank couldhave avoidedthe attackif it had considered the following: i. Employee awareness:More attentionshouldbe giventothe trainingof staff astheyare more susceptible toreveal personal informationwithoutrealizingit.Regularpractice based testswouldensure employeesare uptodate withthe vulnerabilitiesassociatedwiththeir jobs.The hackersmost likelygotthe listof all programsrunningonthe bank’ssystems throughan employee’sworkcomputer. Betteremployee awarenesscouldhave prevented disclosure. ii. Hardeningnetworkoperatingsystemsandnetworkdevices:If properpatcheswere applied regularly,the level of accessof the attackerscouldhave beenreduce andthe bank would have avoidedthe breachof itsservers.Failure toswitchontwofactor authentication shouldn’tbe happeningatsucha large organization.Thisultimatelycouldhave prevented Interception. 2.3.1 Countermeasures The analysisclearlyshowsthatthe banksufferedaconfidentialitybreach.The bestwaytomitigate such a losswouldbe to lookintopossible furtherthreatsthatcouldoccur withthe informationgathered.We wouldtherefore lookattwomain ways to reduce the impactof the loss. i. SecurityFreeze ii. BoilerPlate Advice
  • 7. Security Freeze:“A CreditFreeze,alsoknownasaSecurityFreeze, isawayfor youto have maximum control of accessto your credit.A more dramatic stepto protectyourcredit.”(TransUnion,2016). A Securityfreeze wouldbe agoodcountermeasure forcustomersof J.P.Morganaftersuch a hack on the company. Securityfreezesare basically designedtopreventacreditreportingcompanyfromreleasing your creditreportwithoutyourconsent. While itinterfereswiththe timelyapprovalof anysubsequent requestorapplicationyoumake regardinganew loan,credit,mortgage,governmentservicesor payments, utilities orotherservices,iteliminatesanymonetarylossof the customer’smoneyduring thisperiod. (SecurityFreeze) BoilerPlate Advice:Afterthe hack,J.P.Morgan advisedcustomersonitswebsitethatitdoesnot believetheyneedtochange theirpasswordsoraccount information.Thisseemslike awrongdecision. A template thatstatesthe waysof protectingthemselvesfromphishingattacks shouldbe distributedto customers.“Regularlymonitorall of youraccounts;read everytransactiononyourcreditstatement everymonth;andcheck eachof yourthree creditreportsregularly,whichyouare allowedtodofree at leastonce a year.” (Bernard,2014) 3. Conclusion What the hackersare planningto do withthe data fromJ.P. Morgan remainsunknown.The biggestrisk isthat they will tryto extractmore sensitive informationfromaffectedconsumers. “Itispossible that the thievescouldsell the J.P.Morgandatato others,whocouldthencombine itwithpubliclyavailable information,foundthroughcensusdataor social media”,saidPamDixon,executive director atthe WorldPrivacyForum.What thismeansis thatalthoughthe hack has beendetectedandstopped, customersof J.P.Morgan are still likely tobe victimsof spearphishing. 3.1 SilverLining Despite the factthat over76 millionaccountswere affectedbythe hack,there are still some positivesto note. A good pointto note,isthe fact that no monetarylosswasincurredbythe customersaffected. Although,the factthat nomoneywastakendidnot necessarilymeanitwasa case of state-sponsored espionage, itcouldmeanhackerswere able toaccess a call logof whoto victimize, butwere detected and couldn’tsiphoncustomeraccounts.A logof whoto victimize wasstolen,butthatitself isnot enoughtosteal someone’sidentity. AccordingtoKristinLemkau,aJ.P.Morgan spokeswoman.“We are confidentwe have closedanyknownaccesspointsandpreventedany future accessinthe same way” (Goldstein,2014).Ms. Lemkauaddedthat the bankhad “not seenanyunusual fraudactivity”since the intrusionwasdiscoveredandsaidthatthere was“no evidence thattheyhave takenanyproprietary software”orhad a “blueprint”of the bank’scomputernetwork"(Goldstein,2014). Goldstein,2014, asksa goodquestion,“Have some othertrapdoorsbeenleftoverthatcan be accessed?”The claimisthat there isno evidence of breachof closelyguardedinformation.Absence of evidence howeverdoesnotconstitute evidence of absence. AccordingtoBruce Schneier, “Securityis out of your control,the onlythingyoucan do isagitate for lawsaboutregulatingthird-partyuse of your data and howthey store it,use it and collectit”(Bernard,2014)
  • 8. References Bernard,T. S. (2014, October3). Waysto ProtectYourself After theJPMorgan Hacking. Retrievedfrom The NewYork TimesCompany:http://www.nytimes.com/2014/10/04/your-money/jpmorgan- chase-hack-ways-to-protect-yourself.html?ref=dealbook Goldstein,N.P.(2014, September12). AfterBreach,JPMorgan Still Seeksto DetermineExtent of Attack. RetrievedfromThe NewYorkTimesCompany: http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to- determine-extent-of-attack.html?ref=dealbook&_r=0 Leyden,J.(2014, December23). JPMorgan Chasemega-hackwasa simpletwo-factorauth fail. RetrievedfromThe Register: http://www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/ SecurityFreeze. (n.d.).Retrievedfromhttp://www.experian.com/consumer/security_freeze.html Silver-Greenberg,M.G. (2014, October2). Dealbook.nytimes.com. Retrievedfromnytimes.com: http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security- issues/?_php=true&_type=blogs&_r=1 Sousa,L. D. (2016, January 26). RiskManagementFundamentals.Vancouver,BritishColumbia,Canada. Tanya Agrawal,D.H. (2014, October2). ThomsomReuters. RetrievedfromThomsomReuters: http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003 The NewYork TimesCompany.(2008). The New York Times Company. Retrievedfromnytimes.com: http://topics.nytimes.com/top/news/business/companies/morgan_j_p_chase_and_company/in dex.html TransUnion.(2016). Credit Freeze. RetrievedfromTransUnionLLC: https://www.transunion.com/credit- freeze/place-credit-freeze Wikipedia.(2015,December8). Wikipedia.RetrievedfromWikipedia: https://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach