The Australian Securities and Investments Commission, popularly known by its acronym ASIC, has confirmed on Monday that the security of one of its servers was compromised by an attack on January 15.
The Aussie regulator detailed that the incident was related to Accellion software, which was used in transferring files and attachments. The perpetrators gained access to a server that was storing documents associated with recent Australian credit license applications.
Though ASIC did not elaborate on the methods of the attack, it acknowledged the attackers might have viewed some of the information stored on the compromised server.
“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor,” the regulator stated. “At this time ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded.”
Additionally, the financial market watchdog stated that it has disabled access to the affected server and confirmed that none of its other servers were affected. The IT team of the regulator is now doing a forensic investigation on the compromised server.
“ASIC is working on alternative arrangements for submitting credit application attachments, which will be implemented shortly,” ASIC added. “ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.”
Cyber Attacks Are Becoming Rampant
Cyber attacks have become very common in the last few years, and attackers are now even targeting regulators and stock exchanges. Last year, a massive coordinated cyber attack targeted the New Zealand Stock Exchange that resulted in the exchange service outage for days.
Furthermore, the cases of notorious ransomware attacks increased in recent years and hackers are asking millions of dollars in compensation even from some of the largest enterprises.