BGD e-GOV CIRT warns about web risks in cyber bulletin
Risks of ransomware, web defacement, data leakage and theft of Personally Identifiable Information (PII) have been on the rise in recent times with multiple cyber-attacks in the country. In such a situation, to ensure the cyber security of all critical information infrastructure (CII), banks, financial institutions, healthcare institutions and public and private organizations of the government, strengthening cyber security management, updating necessary patches, BGD e-GOV CIRT, an organization of Bangladesh Computer Council which monitors the cyber health of the country has warned about suspicious activities.
The observation signed by Mohammad Saiful Alam Khan, BGD e-GOV CIRT Project Director, says that among the country's vendor product licenses, VMware, Roundcube, EvantiConnect Security have the highest number of web risks identified. Over 73 percent of the time, hackers are taking over websites and IoT devices due to exploits in the HTTP authentication system. Among them, Metabase, CrasFTP, ServedU and Timcity are seriously affecting the product. Through these, malicious hackers use remote files and SQL injects, crossfile scripting, brute force attacks, flawed plugins, themes in the name of exposing vulnerabilities.
Two fact files have been published in the bulletin published in this regard as the country goes on Eid holiday. This project working on cyber security under the government's information and communication technology department has warned that hackers are taking control of various websites and apps in Bangladesh. It has been informed that they are able to do this for various reasons including not updating the website, lack of security.
It said that the type of attack targeting Bangladeshi websites is like virtual terror, where hackers change the content of the website. It is also used to embarrass the website owners or promote personal agenda of hackers. That is, hackers keep various websites down. The site is hacked and defaced. Apart from giving distorted pictures, it also changes the content.
In addition, many sites are not updated for a long time, so hackers get an opportunity to penetrate there. It involves inserting any code or anything that creates a risk into the site, which creates the risk of leaking various information, including sensitive information. Apart from this, they also pose major security threats including phishing attacks, spreading malware.
The BGD e-GOV CIRT says the main reasons for such risks are the use of outdated software, poor qualifications, poor configuration, not updating security and using insecure code.
