A record amount of card information belonging to Bangladeshi bank card holders has ended up on the dark web. As a result, the country's debit and credit card holders may fall prey to hackers at any moment. BGD e-GOV CIRT, the organization that looks after the cyber issues of the government, has already announced that it will stand by the banks on this issue. In the meantime, the agency has advised users to be more careful in protecting their personal information, to strengthen passwords, to turn on two-factor authentication, and to avoid suspicious links and calls.
The government has also issued a series of recommendations to banking service providers to mitigate threats such as data breaches by communicating with law enforcement agencies and government entities. This organization under the ICT department has attributed the lack of information to individual awareness and the indifference of the bank authorities.
According to the "Sectoral cyber threat intelligence for banking industries" report published by the BGD e-GOV CIRT on the cyber security of the country's banking system, 46.03% of Bangladesh's classic cards and 89.54% of Visa cards have been compromised. However, this report is not yet open to everyone. This government agency is selling it online.
According to the report prepared by the organization, financial institutions, especially banks, are the target point of cybercriminals. The BGD e-GOV CIRT regularly monitors these activities of cybercriminals. In that observation, the Cyber Threat Intelligence Unit of CIRT has recently found 'potential attack vectors' in public and private banks of the country. As a result, criminals can easily control the weak points of these networks remotely, a member of this team said.

According to a study by IBM X-Force, criminals target 70% of banks, 16% of insurance companies and 14% of other financial institutions.
BCG (Boston Consulting Group) said in its report that financial institutions have been victims of cyber-attacks more than 300 times from other institutions.
The report published by CERT on exposed risk services, command and control (C2) detection and malware infections in the banking sector provides 6 facts.

According to the report, almost all banks in the country have one or more weak services and weak authentication mechanisms that facilitate cyber-attacks on a large scale. The worst part is that attackers can easily detect these vulnerabilities. Various bank assets, including devices and applications, are also among the risky services. Routers that lack the required security are at the top of this list.

Despite the efforts of the country's banks to ensure secure infrastructure, suspicious communications have been observed on the IPs of some banks by the CITC (Command and Control).
Cyber attackers attempt to compromise communications on a specific target network through CSI.
To keep banking institutions safe from these attacks, BGD e-GOV CIRT emphasizes prohibiting vendors from accessing the institution's assets and devices, ensuring 2FA/MFA, regular monitoring of threat intelligence, training programs to increase awareness, and ensuring a Security Operations Center (SOC). As part of this, the organization is providing the necessary data and technical support for the attack surface analysis of any bank.