These days, the breach of a business is nothing new. It seems on a near-daily basis, companies are coming forward to announce the discovery of hacker activity within their networks and systems. Enterprises are a main target for cybercriminals in the current threat environment due to the vast sums of corporate and customer information they have on hand. However, when a financial organization is breached, it is a bit more surprising.
The average corporation houses a range of data in connection with their internal practices, products and clients. While there is no doubt as to the sensitivity of this content, banks store consumer financial information which can be used for a whole host of fraudulent purposes. For this reason, many financial groups have the staunchest of security measures in place. As such, many customers like to believe that their bank, credit union or other financial organization is impenetrable. The fact of the matter is, though, that in today’s risk landscape, it is not a matter of if a company will be breached, it is simply a matter of when.
Currently, a range of hacker activity, based in Russia, has been discovered. This isn’t the first time cybercriminals have launched attacks from the country, as Trend Micro research shows. Let’s examine the most recent breach, as well as the previous hacker excursions connected to Russia.
JPMorgan suffers large scale data breach
One such event to happen recently involved JPMorgan, the parent company behind the considerably popular Chase Bank. The Register contributor Kelly Fiveash reported that the breach impacted a total of 83 million households and businesses in the U.S. and came at the hands of cyberthieves with ties to the Russian government.
Hackers were able to gain access to the financial firm’s system after acquiring a list of all the software programs and applications leveraged by the organization within its standard computers. Cybercriminals were then able to cross check each of the listed apps with pre-existing or potential vulnerabilities that could be exploited for backdoor entry into the program.
Although experts believe this breach approach took considerable time, cyberthieves did appear to have success. Fiveash noted that hackers were able to make off with a slew of customer personal information, including names, physical and email addresses, phone numbers and internal JPMorgan information. While these details were reported to be compromised, the bank noted that the criminals did not gain access to account numbers or login passwords.
The news of the breach came after rumors about a major security event involving the group began to emerge in August. After weeks of speculation on the part of consumers, and no doubt internal investigations by JPMorgan, the firm announced the details of the attack at the beginning of October.
While JPMorgan was the first to disclose the breach, the company is reportedly not the only one impacted by this group of Russian cybercriminals. According to Fiveash, investigations have shown that nine other American financial firms were also in the hackers’ crosshairs, although these organizations have yet to be named or announce the discovery of compromised information.
Although JPMorgan and other institutions are working to pinpoint exactly who is behind this far-reaching breach, they have found that the individuals have “loose connections” with Vladimir Putin’s government.
“[T]he hackers were believed to be operating from Russia and appear to have vague links to officials in Putin’s administration,” Fiveash wrote.
Russian hackers strike elsewhere
While one of the most well-publicized, the JPMorgan breach is not the first time Russian hackers have snooped and stolen information belonging to U.S. users. In fact, The New York Times reported that in August of this year, a Russian crime ring was able to collect and create one of – if not the – largest repositories of stolen authentication credentials.
According to The New York Times contributors Nicole Perlroth and David Gelles, the cybercriminals’ collection included approximately 1.2 billion username and password combinations, as well as over 500 million email addresses. This extensive database of stolen information was established after the Russian hacker ring breached 420,000 websites, making off with authentication details along the way.
In this case, cybercriminals didn’t only compromise the information of American websites and businesses, but those in Russia as well.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” noted Alex Holden, security expert, CIO and founder of Hold Security. “And most of these sites are still vulnerable.”
Russian cybercriminal attack strategies
As shown here, there are a number of security incidents involving attacks based out of Russia. These security incidents occur due to a range of breach approaches employed by Russian hacker groups. A 2012 Trend Micro white paper, “Russian Underground 101,” noted that when cybercriminals discover a successful means to infiltrate a system, they share these details with others, creating more widespread use of the attack vectors.
“The fraudsters consider the Internet a playing field,” noted white paper author Max Goncharov. “It has many vulnerable sites and a great deal of unprotected data. While ‘protected’ data do exist, the places they are stored in can still be hacked. Some cybercriminals shared their experience in hacking; generating traffic; and writing code for Trojans, exploits and other malware via online articles.”
But what exactly are the attack approaches being utilized by Russian cybercriminals? According to Goncharov, they include:
- File encryption used to prevent discovery of malware.
- The use of dedicated servers, or those utilized by a single user, leveraged for malicious activities like brute forcing.
- The use of proxy servers that act as a bridge between a computer and the Internet and utilized to speed data transmission and filter traffic.
- VPN technology for establishing an encrypted pathway when a computer connects to the Internet, enabling the user to run conventional programs while ensuring that the information being transmitted is safeguarded.
- Distributed denial-of-service attacks, which make a website or resource unavailable to users.
- Spamming, or the mass distribution of content online which can be themed or unthemed depending on the target.
- Botnets, or a network of computers controlled by a single command-and-control server. One example of a powerful botnet was Zeus, a toolkit that was able to steal personal details from infected computers remotely.