Request a Demo
Cygilant Blog

JP Morgan Breach Discovered Thanks to Log Data

Posted by Vijay Basani on Nov 19, 2014


JP Morgan Chase, a major American financial institution, disclosed a cyber breach back in September. The breach affected 76 million households and 7 million small businesses. The hackers used some of the same offshore servers to hack both the bank and the website of the JP Morgan Corporate Challenge. The IT team at JP Morgan was able to uncover the hack by chance, after studying the Corporate Challenge website breach.

 

The Corporate Challenge website was run by Simmco Data Systems, but carried the JP Morgan Chase name. Hackers were able to pose as website operators and collect data from race participants by using Simmco’s Data certificate. The JP Morgan bank executives and IT team, led by Chief Operating Officer Matt Zames and Chief Information Security Officer Greg Rattray, noticed a link between IP addresses on the Corporate Chellenge website, and on the JP Morgan banking website. The hackers used the same IP addresses to launch cyber attacks on both the bank and the Corporate Challenge websites, which allowed JP Morgan’s IT team to discover the attack.

 

 According to Business Insider, “The hackers originally got into J.P. Morgan’s network by compromising the computer an employee with special privileges used both at work and at home.” Although the hack started at an external website, hackers were eventually able to break into the bank’s databases and go unnoticed for months.

 

The breach at JP Morgan demonstrates the importance of retaining log data, and having a mechanism that allows users to quickly and easily search through the information. Stored log data can be crosschecked at a later date to discover a security breach. This is especially helpful since cyber breaches and malware attacks have been in the news regularly this past year. In the event of a cyber security issue, cyber teams will save time if they have the ability to check detailed logs. An automated logging system with an intuitive search system will also save IT teams time if a cyber security incident occurs. The sooner an IT team discovers and remediates a cyber security issue, the less drastic the financial consequences will be for an enterprise.

 

With EiQ Networks’ security solutions, enterprises can benefit from log management and SIEM. Both SOCVue and SecureVue offer log management and SIEM. Enterprises can meet compliance driven log audit requirements easily when EiQ’s product does the logging. Businesses will benefit from automated incident detection using all relevant security information. Overall, businesses will be able to improve their overall security via timely detection and notification of incidents with EiQ. 

Tags: Security Controls Monitoring, Configuration Audit, SIEM, Log Management

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Recent Posts

Posts by Topic

See All