It took one NSW Government agency 49 days to shut down a hack by fraudsters, a new report on cyber security in the public service has revealed.
The attempted financial fraud in 2017 involved a government agency and its IT systems provider, and spread to other agencies before it was reported and stopped.
The case study is part of a new report by the state’s auditor-general Margaret Crawford.
She called for urgent improvements in the public sector’s ability to respond to cyber security incidents.
“There is a risk that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage may be lost,” the report said.
“Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.”
Hacked account sent out 450 bogus emails
The 2017 case study started with a compromised email account, and led to led to a shut-down of the agency’s financial payment system.
Six days later, the hacked account sent deceptive emails, known as phishing, in a bid to get the credentials of finance staff.
Two weeks after the initial hack, the agency’s IT provider detected a fraudulent invoice and raised the incident to major status.
Email account users were told to change their passwords, but by day-20, the hacked email account had sent out 450 bogus emails, and 300 staff had clicked on the link inside.
At that point the agency had found out that about 200 email accounts were under the control of criminals, yet it failed to temporarily lock the accounts.
It was not until day 36 that the IT provider reported the incident to the Government’s chief information security officer.
Six days later, it was found that the account that had been hacked at the start was still compromised.
The agency’s payments gateway, which handled business invoices, staff salaries and superannuation, was finally re-opened on the 49th day.
Click here to go in detail http://snip.ly/cismk