SecurityWeek

JPMorgan Hackers Compromised Server Unprotected by Two-factor Authentication

A server that lacked two-factor authentication was the gateway hackers used to breach JPMorgan Chase this year, according to a report. 

According to The New York Times, sources familiar with the breach investigation revealed that the attack against the bank began after hackers stole the login credentials of a JPMorgan employee. It remains unknown where the attack originated.

While two-factor authentication is common in many environments, JPMorgan’s security team failed to upgrade one of its network servers with the security scheme – a mistake that left the bank open to intrusion, according to the report. The oversight is reportedly now part of an internal review at the company.

“Compromised credentials have been a factor in the vast majority of breaches including Sony and Target, based on the information that has been shared to date,” said Trey Ford, global security strategist at Rapid7. “Once an attacker has a privileged credential, they can usually access sensitive data and escape most incident detection solutions because they appear as a valid user to those detection solutions. This is how attackers are staying undetected in organizations for days, months and sometimes even years.”

After the network was compromised, the attackers were able to pivot around and access more than 90 servers at the bank. In the end, the hackers compromised data on 76 million household customers and seven million businesses, including email addresses, names and telephone numbers. According to JPMorgan, no private financial information was taken before the attack was detected in August.

According to the New York Times, the breach was uncovered in the aftermath of the bank discovering that the same group of hackers had breached a website for a charitable race sponsored by the bank.

“Hearing that a server did not have two-factor enabled is not a shocker – although it really should be by now,” said Christopher Martincavage, senior sales engineer at SilverSky. “Recent security stories over the past few months have highlighted the compromise of sensitive information due to this same issue.”

“What I find fascinating is that for months they were able to gain access to more than 90 servers,” he said. “Two-factor is not the only problem at JPMorgan, it was just the first door kicked in. Two-factor methods can be stolen just like outdated login credentials… Organizations need to follow a layered approach. Assume security systems will be evaded. Create controls to detect activities when others fail. Yes, it’s upsetting to see that outdated authentication was used to gain access into the network. It’s more frightening to think they accessed the network for months without being detected.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
