The Reserve Bank of New Zealand has confirmed its systems were hit by a cyber attack that saw hackers access a sensitive file sharing service operated by a third party.
The Governor of the New Zealand Reserve Bank has confirmed that it was indeed hit by a cyber attack, however, the bank’s core functions and the sensitive data it houses was reportedly not accessed by hackers.
“We are working closely with domestic and international cybersecurity experts and other relevant authorities as part of our investigation and response to this malicious attack,” Adrian Orr, Governor of the New Zealand Reserve Bank (RBNZ) said.
The RBNZ’s most vital and sensitive functions “remain sound and operational,” Orr added. The bank has, however, alluded to the fact that it is investigating what data was accessed by outside threat actors.
News of the Reserve Bank of New Zealand being targeted by a cyber attack comes just months after the institution released its Financial Stability report which, according to Reuters “warned that the frequency and severity of cybersecurity incidents were on the rise in New Zealand.”
That report stated that cyber attacks were expected to cost the New Zealand banking and insurance industries anywhere between $80-140 million per year, with the authors stating that “more extreme events have a low probability, but are still plausible.”
There is the potential that the hackers gained access to either commercial or personally identifiable information stored within the New Zealand Reserve Bank. From there, the hackers could potentially sell this information, or use it for their own identity and financial fraud campaigns.
The Reserve Bank’s Governor Mr Orr continued to explain that “the nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.
The extent to which hackers were able gain access to sensitive information will be determined by an investigation. “It will take time to understand the full implications of this breach and we are working with system users whose information may have been accessed,” he said.
The cyber attack goes to show the importance of both securing an organisation’s network, as well as ensuring the third party software being used contains no vulnerabilities.
According to a report from CNBC, “several major organisations in New Zealand have been the target of cyber interference in the past year, including the New Zealand Stock Exchange, which had its servers knocked out of public view for nearly a week in August.”
That same report quotes Professor of Computer Science at Auckland University, Dave Parry, who believes the most likely culprit behind the hack of New Zealand’s Reserve Bank remains a nation state actor.
“Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level.”