The Australian Securities and Investments Commission (ASIC) has admitted one of its servers was accessed without sanction and may have been digitally pawed by miscreants.
The country’s company and financial services regulator became aware of the incident on 15 January, which it said was “related to Accellion software used by ASIC to transfer files and attachments.”
The attack involved a server containing documents associated with Australian credit applications and the commission warned that “some limited information may have been viewed by the threat actor.” ASIC was at pains to add that it hadn’t seen evidence of the forms and attachments being opened or downloaded.
That said, ASIC has still disabled access to the affected server and is working on “alternative arrangements” for the submitting of credit application attachments. The Aussie government agency reckons that none of its other infrastructure had been breached.
The commission is working with Accellion and cyber security advisors to deal with the incident and notify those impacted.
ASIC is not alone. On 11 January, the Reserve Bank of New Zealand (RBNZ) gave its own response to “a breach of a third party file sharing service” provided by Accellion. The RBNZ noted that the sharing service had been illegally accessed and it had taken the system offline while investigations continued.
The governor of the RBNZ, Adrian Orr, said: “We have been advised by the third party provider that this wasn’t a specific attack on the Reserve Bank, and other users of the file sharing application were also compromised.”
Accellion had been made aware of a vulnerability in its legacy File Transfer Appliance (FTA) back in December and had swiftly issued a patch “to the less than 50 customers” it said were affected. FTA is 20 years old, according to Accellion, and the company advised those using it to upgrade to something a little more modern.
An Accellion spokesperson told The Register that ASIC’s incident was “related to the previously reported and patched FTA vulnerability.”
The breach is the latest in a series seen over recent months.
Jake Moore, cybersecurity specialist at ESET, said: “Government breaches are likely to occur more than you might think, as their infrastructure is often outdated. Funding can be difficult to come by and sometimes decision-makers wrongly assess the level of risk. However, although governments may seem like an easy target to certain threat actors, the rewards for a breach are usually not as lucrative as with private organisations.
“Governments are not so easily swayed into paying big demands to criminals due to their lack of funds, not to mention the public audience. Such financial demands are also even more difficult to sign off, so the motivation behind government attacks is often linked to other factors and political motives.
“The key for government organisations to thwart such attacks is to keep abreast of the latest attack vectors and continually train staff to be aware of threats. No one piece of software can completely put a stop to the attacks, but such risk of an attack should never be undermined by those making the decisions.”