Foreign state could be behind IMF cyber attack

Attack prompts World Bank to sever its connection to the IMF

The International Monetary Fund (IMF) has suffered a targeted cyber attack that has compromised a number of its systems.

A large quantity of data has been stolen, including documents and emails, and the attack may be linked to a foreign government, according to reports.

The attack has prompted the World Bank to sever its direct network connection to the IMF as a precautionary measure.

The IMF uses RSA's SecureID tokens and told employees earlier this month that it would be replacing them following the security breach at RSA in March this year.

And although there is as yet no official link between the RSA breach and this attack, Ovum principal analyst Graham Titterington said it is highly likely.

"There is a high probability that there's some connection," said Titterington.

"We've had the Lockheed Martin breach, which has been well attributed to the RSA breach. The IMF hack actually occurred a little while ago and has just come to light. So it could have happened directly after the RSA attack."

Titterington added that a foreign agency or government is likely to be behind the attack.

"The IMF is going to be well defended from an information point of view, so getting in would require significant resources over a long period of time. Criminal gangs don't have the resources that governments and agencies hold.

"Also, the information stolen from the IMF is of more use to governments than individuals. In terms of motive and ability, responsibility is most likely to lie with a foreign nation."

Ross Brewer, vice president and managing director for international markets at log management firm LogRhythm, recommends the IMF monitor its logs to understand the scale of the breach.

"The key to stopping hacks before they have a chance to do serious damage is stored in the log data generated by IT systems. These provide the traceability required to spot patterns of suspicious behaviour in real-time."