In August I first told you about the hacking of banking giant J.P. Morgan and as many as four other banks. Investigators believe the hacking was the work of sophisticated hackers from Eastern Europe. Some are theorizing that the hacking was sponsored by the Russian government. Much sensitive data was compromised and stolen as a result of the hacking although to date none of the million customer accounts compromised have suffered any loss or fraudulent activity. Investigators are now saying that the breach was limited to names, addresses and phone numbers. The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location. This type of exploitation of remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMein that enable the convenience of logging into a company’s computers from an off site location has proven to be a major security flaw that has been continually exploited in company after company for quite a while going back to Target’s hacking last year to the recent UPS hacking. I have warned people about this flaw for sometime and the FBI has warned American businesses to watch for this.
Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data, however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack which may be or be similar to the “Backoff” malware I have been warning about. As for we as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information you provide to any company or governmental agency with which you do business. This will not be the last major hacking exploiting this flaw to occur.