On February 4, 2016, North Korean hackers planned to steal a billion dollars from the central bank of Bangladesh and partially succeeded by taking advantage of the holiday. Fortunately, the transfer of all but $81 million was blocked. After this, Bangladesh Biman was also attacked, by the Money Message group, in March. And in April, Aristo Pharma was hit by Lockbit ransomware. After that, there was no report of any major attack in the country, but on April 19, cloud storage containing 3.6 million files was discovered exposed through a misconfiguration error in the system of ICICI, a multinational bank in neighboring India.
After that, to encourage greater caution during the Eid holidays, the country’s cyber security watchdog BGD e-GOV CIRT issued a special warning urging individuals and organizations that use technology to stay alert.
The CIRT Project Director, Eng. Saiful Alam Khan, told DigiBangla, ‘We are not just sitting with regular warning messages. We are continuing strict surveillance in addition to spreading awareness strategies. After canceling the Eid holiday, the 40-member CIRT team has been divided into 8 teams and is keeping a 24-hour surveillance on the country’s cyberspace. In order to be safe, I urge any organization to report to CIRT immediately if it is a case of a cyberattack. Our team is committed to providing cyber security to the nation.’
Meanwhile, CIRT’s report, titled “Situational Alert on Cyber Threats”, says that various ransomware groups have launched cyberattacks in the country recently. Among them are the “Money Message Group” and Lockbit ransomware. Also worth mentioning are various APT groups such as “Infy APT”, “Infall APT”, “Emissary Panda”, “Threatneedle” and “Muddywater”. According to the report, in March 2023, the “Money Message Group” attacked an institution in the country. In addition, Lockbit ransomware attacked a large pharmaceutical company in Bangladesh this month.
Critical information infrastructure, banks, financial institutions, health care, government and private organizations should take measures to ensure cyber security.
As stated in the report, CIRT has observed a large number of DDoS (Distributed Denial of Service) attacks in the country in recent times. CIRT’s monitoring has identified an APT group called “Anonymous Sudan”, which has recently launched DDoS attacks in South Asian countries, particularly India.
Apart from this, criminals have also carried out “web defacement” attacks in the country using the web shell injection method. In addition, CIRT’s regular monitoring has found the “Infy APT”, “Infall APT”, “Emissary Panda”, “Threatneedle”, “Muddywater”, “Tick” and “Machit” APT groups to be active in the country.
The report gives 9 guidelines to keep organizations safe from attacks and damage:
• 24/7 network monitoring should be done after scheduled office hours.
• Special attention should be paid to services such as DNS, NTP and network middleboxes; they should be configured correctly on the Internet so that no credentials are spread in any way.
• Regularly conduct VAPT (Vulnerability Assessment and Penetration Testing) of all systems.
• CIRT emphasizes configuring web applications according to OWASP guidelines.
In addition, the report calls for ensuring adequate controls on a “need to know” basis.