Third-party file sharing service hacked, NZ Reserve Bank reveals

Titanium Defence cybersecurity expert Tony Grasso, who was the cyber lead at the Department of Internal Affairs, told Morning Report file-sharing systems could weaken security.

Devdiscourse News Desk | Wellington | Updated: 11-01-2021 09:01 IST | Created: 11-01-2021 09:01 IST
Third-party file sharing service hacked, NZ Reserve Bank reveals
Yesterday, Reserve Bank Governor Adrian Orr said they were investigating the breach with experts and authorities. Image Credit: Flickr

A cybersecurity expert says attacks like the latest on the Reserve Bank could be due to the type of data systems they are using.

The Reserve Bank revealed yesterday a third-party file sharing service it uses, which contains some sensitive information, has been hacked.

It's the latest after a string of cyber attacks in the past year targeting several major organisations in New Zealand, including the New Zealand Stock Exchange - which had its servers knocked out of public view for nearly a week in August.

Titanium Defence cybersecurity expert Tony Grasso, who was the cyber lead at the Department of Internal Affairs, told Morning Report file-sharing systems could weaken security.

Grasso said there was still lots of questions about the breach to be answered.

"The question that will be on my mind, and I'm sure this will be what they're looking at is, who got in, how did they get in, and more importantly, what information has been taken from this file share, but more interesting than that, have they got from the file share onto the bank systems internally?"

However, he said it would be hard to say who could be behind the breach at this stage.

"You have to always keep in mind it may be a foreign intelligence national agency whenever something as big as the Reserve Bank ... any government department within reason, you always have to have that at the back of your mind.

"It would be interesting to find out how they were caught. Our detection systems here are good, if it's one of those systems that have come from another government agency, a more sensitive government agency, that may indicate it was a foreign actor, or these days criminal gangs are getting together and they've become an industry on their own and are really good at getting into organisations.

"Imagine the ransom you could put on the Reserve Bank if you encrypted all their data, for example."

Grasso hoped for a more detailed report from the Reserve Bank on who it could be.

"The Americans are very good at saying 'it was definitely a foreign government' and they normally name them as well. It would be good to know if it was that, if it was a criminal organisation or if was it a just a lone wolf, we have loads of these in our industry."

The Reserve Bank said sensitive info "may" have been breached.

The type of information exposed would depend on who the third party was, Grass said.

"A third party could be just an IT-provider and they're just sharing architecture documents, that would be bad of course. But it could be information around Covid for example.

"If they were working with external agencies about the recovery of the company from Covid ... it could be papers around how we're planning for our recovery, I mean who knows.

"I would hope that sensitive stuff like that isn't held in a third party file server, I'm fairly sure it wouldn't be."

He said even if its own systems were very secure, having a third party who was insecure connecting to the systems could bring a threat.

Yesterday, Reserve Bank Governor Adrian Orr said they were investigating the breach with experts and authorities.

"The nature and extent of information that has been potentially accessed are still being determined, but it may include some commercially and personally sensitive information.

"It will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational."


TRENDING

OPINION / BLOG / INTERVIEW

Addressing conflict-related sexual violence at long last

... ...

Why unequal access to coronavirus vaccines is a threat to us all

... ...

India’s love affair with fossil fuels: the path to sustainable development?

... ...

Videos

Latest News

Maruti service network crosses 4,000 outlets; 208 workshops added this fiscal

The countrys largest carmaker Maruti Suzuki India MSI on Wednesday said its service network has crossed 4,000 outlet mark across the country, covering 1,989 towns and cities. The auto major said it has added 208 new service workshops in 202...

CERAWEEK-OPEC oil has advantage over U.S. shale during pandemic recovery

The once-brash U.S. shale industry, which spent profusely in recent years to grab market share, is now focused on preserving cash, putting it at a disadvantage to low-cost OPEC producers as the global economy begins to gear up again.Before ...

Maezawa wants you: Japan billionaire seeks 'crew' for moon trip

Japanese billionaire Yusaku Maezawa on Wednesday launched a search for eight people to join him as the first private passengers on a trip around the moon with Elon Musks SpaceX. He had originally planned to invite artists for the weeklong v...

Landslide blocks J-K highway

The Jammu-Srinagar national highway was closed for traffic on Wednesday due to a landslide in Jammu and Kashmirs Ramban district, leaving over 300 vehicles stranded, officials said.The 270-km highway, the only all-weather road linking Kashm...

Give Feedback