
TEAM 1 | CHASE

HUMAN FACTOR IN CYBERSECURITY

CASE STUDY:

CYBERATTACK ON NATIONAL BANK OF BLACKSBURG


Table of Contents

1.0 INTRODUCTION

1.1 HUMAN FACTOR IN CHASE BANK ATTACKS

1.2 SECOND ATTACK ON CHASE

2.0 PREVENTING ATTACKS

2.0.1 IMPLEMENTING STRONG USER PROTECTION

2.0.2 STRICT TECHNICAL SECURITY

2.0.3 STRONG INTERNAL SECURITY

2.0.4 REGULAR SECURITY AWARENESS TRAINING

REFERENCES

1.0 Introduction
According to Banking Journal, organisations in the financial sector recorded 703 cyber-attack
attempts per week in Q4 2021, a 53% increase over the same period in the previous year. Per
statistics, a cyberattack occurs every 10 seconds on a global scale (CheckPoint, 2023).

Figure 1: Attacks by Industry

Source: (CheckPoint, 2023)

1.1 Human Factor in Chase Bank Attacks


Chase lost an estimated $2.4 million in a series of hacks it suffered in 2016 and 2017. Both
intrusions were carried out through vulnerabilities that could have been patched or mitigated.

The first cyberattack took place in May 2016. The threat actors sent a phishing email to one of
the bank’s employees, who took the bait. This allowed them to install malware on the victim’s
PC and access another computer that allowed entry into the STAR network.
The bank uses this technology to manage debit card transactions for customers. The network
could control how clients used bank cards and ATMs, as well as their accounts.
The hackers were able to modify the withdrawal limits and daily debit card usage limitations
after gaining access to the bank's networks. They were also able to manipulate and change
users' 4-digit personal identification numbers (PINs). The perpetrators also stole about
$570,000 from consumer accounts using ATMs across North America.

1.2 Second Attack on Chase


Chase hired cybersecurity forensics company Foregenix to investigate the incident after the
2016 hack. To counteract such cybercrime attempts, the bank introduced new security
measures known as "Velocity Rules" in June 2016.

However, when a second heist occurred only eight months after the first, the security measures
that had been put in place proved to be useless. Using the tried-and-true phishing email
technique, hackers broke into the bank's system once more in January 2017.

This time, in addition to gaining access to the STAR Network, the hackers had managed to
breach a workstation connected to Navigator, a program the bank uses to track debits and
credits in a customer's account. Attackers who gained access to the Navigator were able to keep
a close eye on their victims' accounts and even remove access to fraudulent debits. According
to reports, the second breach cost the bank $1,833,894 in losses.

No group has claimed responsibility for the attacks. Nonetheless, Lazarus is one of the most
well-known threat groups targeting financial institutions and may be behind them.

2.0 Preventing Attacks


We recommend that banks ensure their computer systems have strong cyber protection across all
of their infrastructure. They can do this by:

2.0.1 Implementing Strong User Protection

Banks have very little control over people's actions, because customers are free to handle
their accounts responsibly or carelessly. It is nevertheless practical for the institution to
apply strict security standards that must be met for individuals to access their accounts on the
bank's website. This involves requiring strong passwords, particularly ones with several
character variations, and multi-factor authentication.

2.0.2 Strict Technical Security

The web portal and applications for the bank must be highly secure. One of the most frequent
cyberattacks on banks is malware, although a security mechanism has been developed to
prevent it: Malware Security for Computers and Networks. It performs the following:

• It checks any newly downloaded program to verify that it is malware-free.
• It confirms emails with passwords and links to be malware-free.
• It scans the computer to detect and defeat any malware.

Technologies for monitoring, logging, and blocking are another security precaution that banks
might use. By doing this, consumers can make sure they aren't the target of a cyberattack. If
there is an attack, these technologies will help by offering an auditable trail that the security
team can use to assess the situation and identify the source, so that the attack can be
recognized and investigated and a remedy can be offered. Security should be controlled by a
reputable security supplier.

The benefit of adopting professionally managed security is 24-hour monitoring and incident
response that will detect and assist in dealing with any security or network alert or breach,
responding in time, before any significant damage is done, by isolating and neutralizing the
threat.
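
The audit-trail idea above, applied to the withdrawal-limit and PIN changes described in section 1.1, as an added example that is not part of the original report. The log schema, workstation and card names, the 30-minute window and the 3x threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records (hypothetical schema):
# timestamp, operator workstation, card, action, old value, new value
AUDIT_LOG = [
    "2023-02-17T01:02:10 ws-114 card-7001 LIMIT_CHANGE 500 20000",
    "2023-02-17T01:03:45 ws-114 card-7001 PIN_CHANGE - -",
    "2023-02-17T01:05:02 ws-114 card-7002 LIMIT_CHANGE 500 25000",
    "2023-02-17T01:06:30 ws-114 card-7002 PIN_CHANGE - -",
    "2023-02-17T09:15:00 ws-020 card-8100 LIMIT_CHANGE 500 800",
    "2023-02-17T14:40:00 ws-031 card-8200 PIN_CHANGE - -",
]
WINDOW = timedelta(minutes=30)  # assumed correlation window
MAX_RAISE_FACTOR = 3            # assumed: a raise above 3x the old limit is unusual

def parse(line):
    ts, ws, card, action, old, new = line.split()
    return {"ts": datetime.fromisoformat(ts), "ws": ws, "card": card,
            "action": action,
            "old": None if old == "-" else int(old),
            "new": None if new == "-" else int(new)}

def find_suspicious(lines):
    """Cards with a large limit raise plus a PIN change from the same
    workstation inside WINDOW."""
    by_card = defaultdict(list)
    for line in lines:
        ev = parse(line)
        by_card[ev["card"]].append(ev)
    alerts = []
    for card, events in sorted(by_card.items()):
        raises = [e for e in events if e["action"] == "LIMIT_CHANGE"
                  and e["new"] > e["old"] * MAX_RAISE_FACTOR]
        pins = [e for e in events if e["action"] == "PIN_CHANGE"]
        for r in raises:
            if any(p["ws"] == r["ws"] and abs(p["ts"] - r["ts"]) <= WINDOW
                   for p in pins):
                alerts.append((card, r["ws"], r["old"], r["new"]))
    return alerts

def workstations_to_isolate(alerts, min_cards=2):
    """Workstations behind alerts on several cards: candidates for isolation."""
    cards = defaultdict(set)
    for card, ws, _, _ in alerts:
        cards[ws].add(card)
    return sorted(ws for ws, seen in cards.items() if len(seen) >= min_cards)

if __name__ == "__main__":
    found = find_suspicious(AUDIT_LOG)
    for alert in found:
        print("ALERT", alert)
    print("isolate:", workstations_to_isolate(found))
```

The routine limit change on card-8100 and the lone PIN change on card-8200 do not alert; only the paired changes from one workstation do.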

2.0.3 Strong Internal Security

Banks can safeguard internal teams and protect their data by ensuring that each endpoint is
secured before it is admitted into a centralized, protected network. All devices connecting to
the central network must be secured, typically using a VPN service.

Data should be secured since it is one of the most important assets for any firm and because
hackers may view it as a valuable target. Data should be encrypted using a sophisticated
algorithm, such as Advanced Encryption Standard (AES), to ensure that cyber attackers will
not be able to access it without the corresponding decryption keys even in the event of a serious
security breach or assault.

Financial organizations should construct firewalls to prevent brute force assaults from
damaging the system. Additionally, to distinguish between staff and users, each employee
should have a personal account and unique login credentials. As a result, once the staff system
is automatically configured so that staff hold no rights beyond those needed to carry out their
duties, the likelihood of cyberattacks through improper access would be reduced.

2.0.4 Regular security awareness training

Regular security awareness training for staff and employees is another crucial security
precaution. It will inform and remind them of the methods and tactics that hackers use in their
attacks. The majority of cyberattacks happen because personnel are uninformed or have not
received the necessary training for security breach situations. The personnel should be equipped to:

• Verify the recipient or user before sending a piece of sensitive information.
• Check links before clicking them.
• Verify email addresses from received emails.
References:
CheckPoint (2023) Check Point Research: Cyber Attacks Increased 50% Year over Year -
Check Point Software. Available at:
https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/
(Accessed: Feb 17, 2023).
