IMF hit by cyber-attack
By Chris Taylor
13/06/2011
The International Monetary Fund (IMF) has been the victim of a sophisticated cyber attack, BBC News reports.
The incident, which has been described as a "very major breach" by cyber security officials, could have exposed sensitive economic data about many countries to hackers.
It is possible that those who took the unspecified data could be linked to international espionage criminals according to an unnamed security expert who told Bloomberg that the "intrusion was state-based".
Current press reports suggest that personal documents and employee emails could have been stolen in the attack.
The BBC's technology correspondent, Rory Cellan-Jones, said the presence the FBI and the fact that the neighbouring World Bank has severed its computer link to the IMF, shows the case is being treat seriously.
He explained: "An internal memo suggests that one particular desktop has been compromised - and security experts are speculating that an individual has been targeted with an email containing malware.
"That could have enabled the attacker to gain access to the IMF's systems. What is not clear is whether any data was lost," he added.
Speaking to Computer Weekly, David Beesley, managing director of consultancy Network Defence, says that this kind of attack, known as 'spear phishing' is difficult to defend against because it primarily targets users and not PCs.
He warned that businesses needed layered IT management systems and robust employee education processes in order to defend themselves.
"Employees should be aware that even plausible-looking e-mails should be treated with suspicion, and IT teams should look at their AV (anti-virus) and anti-spam solutions to try and stop malware propagating.
"Using web proxies can stop executables and exploit code from reaching desktops, and intrusion detection systems can help spot unusual data traffic movements," he said.
