SBS probe potential cyber-attack


Michael Roddan and Max Mason

SBS has found no evidence of harm to its data. PHOTO: GABRIELE CHAROTTE

The NSW government’s cyber security agency is investigating whether the state’s health department and other agencies have been victims of a high profile cyber-attack that has hit the corporate watchdog, law firm Allens and the Reserve Bank of New Zealand.

SBS, the multicultural broadcaster, has also taken the Accellion file transfer software offline as it probes any potential impact from the cyber-attack that exploited a vulnerability in the legacy platform late last year.

The file-sharing system provided by Californian cloud company Accellion and used by numerous local and international organisations was compromised late last year.

Accellion’s file transfer application system, used to store and share sensitive information, is a two-decade-old product but was updated last year when it learnt of a vulnerability in the system. Earlier this month, Accellion said it had warned customers of what it termed a ‘‘P0’’ vulnerability in its ‘‘legacy’’ file transfer appliance.

A Cyber Security NSW spokesman said the government and the agency were aware of the breach. Investigations are at an early stage and little is known about the possible significance of any potential breach. Accellion’s website notes the software is used by NSW Health support services.

‘‘CIOs [chief information officers] across the NSW government have ensured that all instances of the product have been taken offline. Cyber Security NSW is continuing inquiries and agencies will follow any protocols on required notification,’’ the agency said.

Documents show the NSW government uses the Accellion file transfer system to send data including for the prevention and response to violence, abuse and neglect, as well as child, youth and families data, but only after the information is secured, passwordprotected and encrypted.

SBS has used the Accellion service since 2007 to exchange large files for collaboration and proofing on broadcast videos, from rough cuts to final versions.

‘‘SBS is investigating as a priority the potential impact in relation to a limited number of files held on the Accellion platform, following a defined security incident to Accellion’s services,’’ a spokesman said.

‘‘Our use of the platform stopped whilst Accellion provided a security patch which has now been installed.

‘‘Our investigations are ongoing; however, at this time there is no evidence that files held on the platform during that defined period were accessed or downloaded.’’

Accellion is also used by the South Australian government whose spokesman said it was aware of the issue.

‘‘While some SA government agencies use Accellion file transfer products, specifically Kiteworks, there are no known users of the legacy products that Accellion have reported as being vulnerable and exploited,’’ the state government said.

The Royal Australian Mint is also a customer of Accellion but a spokeswoman confirmed it was not affected by the breach.

Last week The Australian Financial Review revealed law firm Allens was compromised by the Accellion breach, one which academics have suggested was the work of a state-based actor.

On Monday, the Australian Securities and Investments Commission said it was hit by a ‘‘cyber security incident affecting a server used by ASIC’’.

ASIC, the corporate watchdog, said it became aware of the incident on January 15 and that it had launched an investigation.

Source: Financial Review 29 Jan 2021

The contents contained within any published News Item from this Site item are not necessarily the opinions of Australian Systems Integration Pty. Ltd. & Utilidex Pty. Ltd.  

Scroll to Top