One of the most troubling lessons from the JPMorgan Chase data breach is that organized cybercrime gangs today are quite good at avoiding the patterns detectable by most security software.
“Most of the many millions of dollars spent on cybersecurity are focused on opportunistic attacks — hackers that enter through a security flaw and use common malware to steal information. The security software that prevents against these kinds of attacks is predictive and attempts to know what attacks will look like if hackers infiltrate the system so it can neutralize the problem quickly,” reported VentureBeat. The story quoted Eyal Firstenberg, VP of cyber research at cybersecurity firm LightCyber, as saying that today’s cyberthieves deliberately avoid such predictability.
“It is just now that we are witnessing the emergence of companies and technologies that do not presume to predict a specific attack vector, but it is still not widespread,” Firstenberg said, according to the story.
The cyberthief gang that attacked Chase—accessing data through a security hole in a Chase consumer-facing site—did extensive research and was equipped with custom malware specifically targeted at Chase. The thieves who “attacked Chase and potentially other banks are called targeted attackers. They set their sights on a target, then spend resources heavily researching the target’s systems and security protocols before designing specific malware. ‘For targeted attackers, they learn the specific technologies deployed in the target and just use different maneuvers or tools and neutralize them,’” the story quoted Firstenberg as saying.