Several large US banks were attacked by hackers who appear to have used malware and a zero-day vulnerability to infiltrate networks and obtain corporate and customer data. At least five banks—only JP Morgan Chase was identified—were involved in the attacks, in which cybercriminals stole “gigabytes of customer data,” according to the anonymous sources cited by news outlets. However, it is unclear whether they took credit card or other account information. The fact that there have been no reports of money moved from accounts indicates the attack was politically motivated, according to a US government source. The US FBI, Secret Service, and National Security Agency are investigating the breaches. Initial investigations indicate the attacks were routed through computers in Latin America from servers that Russian hackers are known to use. Security vendor Trend Micro reported an uptick in attacks on US and European banks since 24 July 2014 from computers whose IP addresses appear to be in former Soviet bloc countries. JP Morgan Chase spokesperson Brian Marchiony declined comment on the recent incidents, saying only, “Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract threats and constantly monitor fraud levels.” In April, JPMorgan Chase CEO Jamie Dimon said the company was increasing its annual expenditures on security by 25 percent—to $250 million—compared to 2013. (CNN Money)(re/Code)(Bloomberg)
