Major US banks suffered data breach due to Russian hackers

August 20th, 2014

JPMorgan Chase and other bank were breached by Russian hackers who stole gigabytes of sensitive data which includes savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa head of malware intelligence at Malwarebytes Labs said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


USA: High-risk place for Data Theft

July 23rd, 2013

A research conducted by German companies shows that the US is a high-risk place for data theft, second only to China.

Ernst & Young carried out a survey of 400 companies in July, it found out that 26 percent of German security professionals, IT and senior managers felt that US was a highly risky country when it comes to data theft and Industrial espionage. These figures were just 6 percent two years back. China was still a high-risk company as responded by 28 percent. Russia stands at third place, as just 12 percent respondents consider it as risky place data theft.

Head of Forensic Technology & Discovery Services at EY, Bodo Meseke said that German companies had a misconception that attacks were most likely to come from Russia or China, but they need to realize that very extensive monitoring measures are carried out by Western intelligence agencies.

26 percent of respondents were worried about this sort of data theft coming from a foreign competitor, with 17 percent concerned about state agencies and secret services from abroad. 16 percent of people were concerned about domestic competitors and 9 percent were worried about their own employees.

The survey was conducted to study attitudes towards the risk of data theft and Industrial espionage. 86% of managers are confident that their company would not become a victim. They are confident about their security measures including firewalls and secure password policies, though these security measures are easy to break for skilled hackers.

Meseke explained “When it comes to their own safety, the companies are, unfortunately, often lulled into false sense of security,”

“A professional data thief can circumvent a password. It’s important for companies to make it more difficult for would-be data thieves with things like intrusion detection systems and beefed up security departments so that they look for another target.” he added further.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta