Reserve Bank of Australia admits targeted attack


Reserve Bank of Australia admits targeted attack

Warwick Ashford

Staff at the Reserve Bank of Australia (RBA) were targeted by emails linking to a malicious payload in November 2011, a freedom of information request has revealed.

The attack is believed to have been aimed at stealing sensitive information that included Group of 20 negotiations, according to the Guardian.

The RBA has refused to comment on media reports that the virus used in the attack was of Chinese origin.

According to an internal incident report, the targeted emails managed to bypass security controls in place at the time because the malicious content was in the form of an embedded link, not an attachment.

An email titled Strategic Planning FY2012 was sent to several RBA staff up to department heads and was opened by six of them, potentially compromising their workstations.

According to the incident report, the email appeared to come from a senior staff member at the bank and originated from a "possibly legitimate" external account. It also included a legitimate email signature and had a plausible subject title and content.

As soon as analysis revealed that the emails linked to a compressed Zip file with an executable malware application, the PCs of the six staff who opened the application were removed from the network.

The incident report noted that the six workstations affected did not have local administrator rights, so the virus could not spread.

The impact assessment was that “bank assets could have been potentially compromised, leading to service disruption, information loss and reputation."

The RBA asked all its security providers to update its defences, including scanning for hyperlinks in emails and automatically blocking them.

However, the incident report noted: “While users are aware of the need for caution with suspicious attachments, such awareness is unlikely to protect the Bank from credible-looking emails and attachments.”

In addition to the attempted hacking, the RBA incident report contains a wide range of potentially embarrassing incidents, including lost laptops and smartphones, sensitive documents emailed out by mistake and the loss of a personal iPad containing sensitive bank information.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy