JPMorgan Chase fights off 45 billion hacking attempts each day (edition.cnn.com)
from L4s@lemmy.world to technology@lemmy.world on 19 Jan 2024 08:00
https://lemmy.world/post/10898973

JPMorgan Chase says it has seen a sizable increase in attempts by hackers each day to infiltrate its systems over the last year, highlighting the escalating cybersecurity challenges the bank and other Wall Street titans are facing.

Eheran@lemmy.world on 19 Jan 2024 08:27

Ping = attempted hack

Accessing random address = hack

Port scanning = hack

Every single email = hack

Every connection they have = hack

Seriously, how did they come up with that number?

redcalcium@lemmy.institute on 19 Jan 2024 08:52

Each of my servers got SSH login attempts at ~1 request / second. If you have 12 servers, that’s already 1 million “hacking attempts” per day.

Eheran@lemmy.world on 19 Jan 2024 13:33

So you are also a Wall Street Titan? Wow.

BearOfaTime@lemm.ee on 19 Jan 2024 15:12

Do it yourself. Open an HTTP port, see what happens.

Once an open interface is discovered, people will start probing it.

Eheran@lemmy.world on 20 Jan 2024 17:11

It was a joke. Just like the article.

tmjaea@lemmy.world on 19 Jan 2024 17:04

Using a different port than 22 decreased these numbers significantly for me. Fail2ban is active nevertheless.

LemmyIsFantastic@lemmy.world on 19 Jan 2024 11:05

They are almost certainly being probed by thousands of requests every minute.

It’s likely an aggregation of everything web exposed. Shit like jpchasewordpress.com/admin?sql"=injection attempt" with password credentials and shit.

BearOfaTime@lemm.ee on 19 Jan 2024 15:11

Open a port, see how quickly you get thousands of attempts per hour.

Now be JPM, with thousands of internet-exposed interfaces.

Though I think the number is exaggerated, I’d need to see what they own.

ringwraithfish@startrek.website on 19 Jan 2024 17:42

Should a port scan by a bad actor be considered multiple hacking attempts or a single hacking attempt?

Another way to think about it: if a burglar tries various windows and doors to find an unsecured opening, is that considered multiple burglary attempts or a single burglary attempt?

M500@lemmy.ml on 20 Jan 2024 01:22

I wouldn’t even consider a port scan a hack.

It’s just like a thief looking at your home to see if there are any windows or doors open.

billwashere@lemmy.world on 20 Jan 2024 04:50

I wouldn’t consider a port scan a hacking attempt either but I think it would be more like trying to open the front door or attempting to open a window to see if it’s locked. But if people are trying to do that to my house I wouldn’t be real happy. Of course if you’re a business and someone tries to open the door before you’re open is that really a problem? I know I’ve done that before.

Nommer@sh.itjust.works on 19 Jan 2024 21:20

Was going to say then I must be fighting off thousands a day with my router. Looked at the logs for fun one day and the amount of default port and credential attacks was insane.

remotelove@lemmy.ca on 19 Jan 2024 08:33

Clarification: An earlier version of this story included comments by Erdoes on the number of hacking attempts made on JPMorgan systems last year. A spokesperson clarified after the panel session that Erdoes was referring to all observed activity collected from JPMorgan’s technology assets, malicious or not.

The title is bad. One scan that generates thousands of alerts is generally considered one event. Companies that have a massive footprint naturally get many thousands of scans a day. It’s normal.

Also, +60,000 people and $16 billion dollars is misleading. The people they pay the most are the ones that generally don’t know shit about IT. Sure, some of those technologists are probably top-tier, but actual security experts don’t usually come in large groups. There are exceptions, of course.

Large companies pay way too much for generic security solutions. In some ways they are forced, because their infrastructure is massive and they need tons of customization but there is always a fuck ton of waste.

Using big numbers sounds cool, unless you are in the industry and understand that there is a ton of fluff involved.
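
The gap between raw alert counts and events that the comment above describes, as an added example that is not part of the thread or any participant's code: it collapses failed SSH logins into one event per source address per burst. The log lines are constructed, the 5-minute gap and the `year` argument are assumptions, and the log is assumed to be in chronological order.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not real traffic; addresses are from
# the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Jan 19 08:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 19 08:00:02 host sshd[102]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jan 19 08:00:03 host sshd[103]: Failed password for invalid user admin from 192.0.2.10 port 40003 ssh2
Jan 19 08:00:05 host sshd[104]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jan 19 08:00:06 host sshd[105]: Accepted publickey for deploy from 203.0.113.5 port 52000 ssh2
Jan 19 08:00:09 host sshd[106]: Failed password for root from 198.51.100.7 port 51001 ssh2
Jan 19 09:30:00 host sshd[107]: Failed password for root from 192.0.2.10 port 40100 ssh2
Jan 19 09:30:01 host sshd[108]: Failed password for root from 192.0.2.10 port 40101 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def count_attempts_and_events(log_text, gap=timedelta(minutes=5), year=2024):
    """Return (raw_failed_logins, events).

    An event is a run of failures from one source address in which no two
    consecutive failures are more than `gap` apart. syslog timestamps carry
    no year, so `year` is an assumption supplied by the caller.
    """
    last_seen = {}  # source address -> time of its most recent failure
    raw = events = 0
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        raw += 1
        if src not in last_seen or ts - last_seen[src] > gap:
            events += 1  # first failure, or the source returned after a quiet gap
        last_seen[src] = ts
    return raw, events

if __name__ == "__main__":
    print(count_attempts_and_events(SAMPLE_LOG))
```

Widening `gap` merges the two bursts from the same address into one event, which is why a headline count depends on how the reporter defines an "attempt".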

Potatos_are_not_friends@lemmy.world on 20 Jan 2024 07:22

Honestly, as an engineer, I sometimes use puff pieces like this to get my company to act. How many times have I called out a vulnerability that the company goes, “Meh, not important”?

remotelove@lemmy.ca on 20 Jan 2024 07:33

It’s an art form to get people to give a shit about security. Sometimes puff pieces work, sometimes they don’t. Dull numbers are usually more effective: A vulnerability needs to have a specific risk, is easy/hard to execute and could cost the company x dollars if exploited and would only cost x dollars to fix in x amount of time.

You have to summarize the risk and cost to the organization instead of trying to explain the problem in all its detail.

You probably knew that, but just passing along how I have had to cope over the years.

chaorace@lemmy.sdf.org on 19 Jan 2024 09:57

Ah, yes, just over five attempts for every human alive. I assume they took the reply addresses at face value and have forwarded 45 billion cease & desist letters to Microsoft’s Redmond office?

squid_slime@lemmy.world on 20 Jan 2024 18:51

Are we meant to feel sorry for them?