Monday, March 11, 2013

Reserve Bank escapes cyber hack attack


By Business editor Peter Ryan


The Reserve Bank is in the midst of a security crackdown after a cyber attack with the potential to expose sensitive internal information.
The attack occurred late in 2011, when a series of emails - carrying what's been described as a "malicious payload" - targeted senior RBA staff.
While the RBA's integrity was not comprised on this occasion, there are concerns that Chinese-developed spy software is posing a major threat to government institutions including central banks.
The Reserve Bank is well known for its tight security and few, if any, cyber villains have managed to get through its digital firewall.
However, that changed on November 16 and 17 2011, when a number of suspicious emails were sent to senior RBA staff.
According to an internal report titled "targeted email attack", six staff clicked on an embedded hyperlink to what is described as a "virus payload".
"Malicious email was highly targeted, utilising a possibly legitimate external account purporting to be a senior bank staff member. It included a legitimate email signature and a plausible subject title and content," noted the report.
"As the email has no attachments, it bypassed existing security protocols, allowing users to potentially access the malicious payload via the internet browsing infrastructure."
The report says the six users potentially compromised their workstations, and points to fears about a malicious externally generated attack, or act of sabotage, as a major risk.
While a successful cyber attack was averted this time, the report says bank assets could have been compromised, leading to service disruption, information loss and damage to the RBA's reputation.
"I think it raises the same sorts of questions that you'd have right across the public service," said Paul Bloxham, a former Reserve Bank economist and now chief economist at HSBC.
"All public institutions are subject to these potential threats from information technology attacks and cyber attacks."
He says the thwarted attack has a range of implications for the RBA and other central banks.
"It would depend on the nature of what sort of cyber attack that they got and of course it does pose a threat, and it's something that needs to be dealt with appropriately," he said.
"It's certainly something that you'd expect that central banks would need to take into account, and they're highly likely to be taking it into account because it does potentially pose a threat to their reputation and to their operations."

The Reserve Bank has refused to comment beyond the report posted on its website, and will not confirm what steps are being taken to stop further cyber attacks.

However, the report does note the difficulty in keeping up with the the speed of spy programs that can be hidden in emails.
"While users are aware of the need for caution with suspicious attachments, such awareness is unlikely to protect the bank from credible looking emails and attachments," the report said.
Tony Kirkham, from the network security company Palo Alto, says the RBA attack should be a wake-up call for other agencies and he was not surprised to hear about it.
"This sort of attack is sadly becoming very commonplace these days," he said.
"We're seeing this sort of thing happen on a number of organisations, and the other thing we're seeing is that these attacks are becoming very targeted and crafted very specifically to go after organisations and quite often particular types of information.
They'll quite often start by sending some sort of a spear-fishing attack, an email which looks credible, which will then be a trigger to trigger some sort of malware on the computer of the person who receives it.
Network security company spokesman Tony Kirkham
"They'll quite often start by sending some sort of a spear-fishing attack, an email which looks credible, which will then be a trigger to trigger some sort of malware on the computer of the person who receives it.
"Once they install some malware on that machine, that gives them a foothold inside the organisation and that allows a person on the outside, malicious parties, to control a device on the inside of the network.
"That allows them to get access, quite often, to all the information on that particular machine and can be used as a launching point to get other devices and other information systems within the organisation."
The World Today contacted the Department of Defence in relation to national security issues amid concerns about ramped up attacks sponsored by China.
While the department says it does not comment on specific incidents, it did say that hacking is a constant threat, especially for the nation's businesses and economic institutions.
"At least 65 per cent of cyber intrusions on Australian computers have an economic focus," a Defence spokesperson said in a statement.
"Cyber intruders are looking for information on Australia's business dealings, intellectual property, scientific data and the Government’s intentions."
The Department of Defence says the Cyber Security Operations Centre estimates that at least 85 per cent of cyber intrusion techniques can be mitigated by adopting standard security procedures, including installing the latest patches to applications and operating systems and minimising administrative privileges.