Australia’s central bank has confirmed that it has been the subject of cyber attacks. Though the bank itself has not confirmed who was behind the attacks, fingers have already been pointed –
“The Reserve Bank of Australia’s computer networks have been repeatedly and successfully hacked in a series of cyber-attacks to infiltrate sensitive internal information, including by Chinese-developed malicious software.”
Such hacking routines are becoming more and more common these days with a number of high profile targets already this year. In this instance it looks like the attacker arrived via email – docs released under freedom of information show that the bank was subject to a malicious email attack between the 16th and 17th of November 2011. The email, which was sent to several staff, was opened by six people (lessons to be learned here eh?) and their workstations became infected.
None of the infected workstations had administrator rights and so the virus was contained at that point.
“As reported in today’s media, the Bank has on occasion been the target of cyber attacks. The Bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank’s network or systems. At no point have these attacks caused the Bank’s data or information to be lost or its systems to be corrupted. The Bank’s IT systems operate safely, securely and with a high degree of resilience.
The Bank takes cyber security and its potential consequences extremely seriously. As part of its extensive efforts to ensure that security arrangements are best practice, the Bank routinely consults with the Defence Signals Directorate and draws on the expertise of specialist private firms. There is ongoing rigorous testing of the Bank’s IT systems and regular training of staff.”
Reserve Bank Of Australia Media Release
Following the incident the RBA took the issue up with its antivirus provider in order to shore up its defences, especially in regard to links in emails.