KnowBe4 Says Employee PC Wreaks Havoc in JP Morgan Hack


JP Morgan banking giant hit by data breach in a feat far beyond the capability of ordinary criminal hackers

(Tampa Bay, FL) Aug 28, 2014--The Wall Street Journal reported today that J.P. Morgan was hacked and suffered a cyberheist called "a significant breach of corporate computer security". Bloomberg reported that the FBI, the US Secret Service, and even the NSA are investigating the incident, which seems to have occurred in mid-August. According to Bloomberg, Russian hackers breached the bank's defenses and compromised gigabytes of data, but the exact nature of that data remains unknown. However, it was stated that attackers "grabbed sensitive data from the files of bank employees, including executives."

People familiar with the probe said the evidence at this moment points to malware that infected an employee's personal computer and from there the hackers were able to move further into the bank's network. "They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers," one source said.

According to KnowBe4 CEO Stu Sjouwerman, “The weak link in this case is an employee, as their personal computer got infected with malware, and we can guess how that happened. They clicked on a link or were social engineered to open up an attachment that carried a malicious payload. The human is the weak link in IT security, and this latest data breach again shows how true this is. The employee probably fell for a (spear-) phishing attack and clicked on something they should not have.”

The infected J.P. Morgan employee's PC used VPN software to work remotely, and the Journal said: "Such an attack would mark the latest instance in which a large corporate network was breached by a weak external link".

The news of this data breach came just days after J.P. Morgan customers were targeted by a large wave of phishing emails trying to get their banking username and password. Proofpoint researchers, who discovered the campaign, said that victims were led to a fake login portal, which delivered banking malware made to look like a Java update after their username and password were entered into the form.

When hackers broke into Target last year and stole 40 million card numbers, they originally infiltrated the retailer by stealing a ventilation contractor's password, also using the same tactic. J.P. Morgan reported in their annual report that they will spend more than $250 million per year and have about 1,000 people focused on cybersecurity.

“All that time and money is wasted unless you also pay attention to the "human firewall", something companies need to create first and foremost. That can be accomplished with effective security awareness training for all employees that have a PC and have access to the Internet,” said Sjouwerman. KnowBe4 has a highly effective program to stay safe online, both for employees in the office and from any remote location.

For more information visit www.KnowBe4.com

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

About Kevin Mitnick

Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.
