Reserve Bank of Australia confirms 2011 malware attack

RBA was subject to targeted email virus which bypassed security systems

Following an Australian Financial Review investigation, the Reserve Bank of Australia (RBA) has today confirmed that it was the victim of a targeted email-based virus attack in 2011.

The AFR reported on 10 March 2012 that the central bank had been infiltrated by a Chinese-developed malware program that was seeking intelligence on G20 negotiations.

An incident report summary (PDF) on the RBA’s website dated 17 November 2011 includes details of the targeted attack.

The malicious payload was found to be a compressed zip file containing an executable malware application.

“The email had managed to bypass the existing security controls in place for malicious emails by being well written, targeted to specific bank staff and utilised an embedded hyperlink to the virus payload which differs from the usual attack whereby the virus is attached directly to the email,” read the RBA report.

“It was found that six users had clicked on the malicious link, potentially compromising their workstations.”

In response, an RBA spokesperson confirmed in a statement today that it has “on occasion” been the target of cyber attacks.

“The RBA has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the bank's network or systems,” the spokesperson said in a statement.

“At no point have these attacks caused the bank's data or information to be lost or its systems to be corrupted. The bank's IT systems operate safely, securely and with a high degree of resilience.”

The RBA spokesperson added that it routinely consults with the Defence Signals Directorate (DSD) and draws on the expertise of private firms. There is also “ongoing” testing of its IT systems and regular training of staff.

Follow Hamish Barwick on Twitter: @HamishBarwick
