Bangladesh Central Bank Issues Emergency Alert over ‘High-Risk’ Cyber-Attack Threat

Cyber-attacks hit trades every day. Former Cisco CEO John Chambers once said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”[1] Cybercrime has grown last year as individuals strive to profit from weak business processes. Frequently, perpetrators demand ransom and 53% of cyber-attacks caused damage of $500,000 or more. It is also possible to launch cyber-attacks with ulterior motives. Any attackers see the obliteration of networks and data as a form of “hacktivism.”[2]

What is Cyber-Attack?

A cyber-attack is an intrusion by cyber criminals using one or more machines against a single or more computers or networks. A cyber assault will maliciously disable computers, steal data, or use a damaged computer as a starting point for other attacks. Cyber attackers employ a range of techniques to conduct cyber-attacks, including malware, phishing, ransomware, denial of service, and other techniques.[3]

In recent years, Bangladesh has become one of the most vulnerable countries in cyber space. Cyber-attacks often took place, which caused loss of assets in very recent time. With the increasing number of internet users, the number of attacks ratio is also going up.

Bangladesh Bank under Cyber Attack

According to sources from the Bangladesh Bank, the Computer Incident Response Team(CIRT) and its global stakeholders have recently discovered evidence of a malware named FastCash2.0 through various Indications of Compromise (IOC), which are attacking various network systems and important databases.

On 15th of February 2021 Bangladesh Bank and several financial government organizations including Bangladesh Police, Corona BD, Islami Bank, BRAC Bank and bKash came under cyber-attack.According tothe CIRT’s Cyber Threat Research team a group called ‘KASABLANKA’ was behind the hacks, labelling the threat as ‘high risk’.[4] There is no indication that the attack was carried out for financial gains. However, it could become a serious threat, which could lead to the theft of important information or large-scale financial losses. The CIRT also warned that hackers could deceive people about vaccines by generating fake web portals emulating the government’s websites for COVID-19-related information.When a citizen fills out the vaccination form, the NID number, date of birth, and other personal information are sent directly to the hackers.[5]According to CIRT we also been targeted by imei.today, a phishing website that looks similar to www.imei.info, a legitimate website where users can verify the authenticity of their mobile device’s International Mobile Equipment Identity, or IMEI number.

Previously on January 10 2021 the Bangladesh Bank issued an emergency cyber alert to its staff and officials and suspended internet services.

Even in August 2020, the Bangladesh Government (CIRT) reported the central bank that the North Korean hacker group Beagle Boys was planning to attack Bangladesh’s banking industry. Moreover it is irreparable and beyond any consolation, the biggest heist in history of Bangladesh bank on February 2016 that shook the financial world.The US Department of Justice has officially confirmed charges against Park JinHyok, a North Korean hacker, almost five years after the Bangladesh Bank heist, the most sensational cybercrime involving a financial institution to date.[6]

Safety Measure Taken by the Central Bank

The Bangladesh Bank already focuses on numerous measures to defend the sector from cyber-attacks, following the recommendations of CIRT. This include: improvements in emergency leaked passwords, server system inspection, routine backup of critical local and external files, and retention of a firewall and the use of filters.

The central bank has also advised all scheduled banks to take measures appropriate to detect, analyze and address any potential threats to money-laundering and terrorist funding a new technology-based product or services which rise before it is launched to customers. The scheduled banks were also ordered to take appropriate precautions to avoid any attempts of fraud or forgery from both domestic and international transactions. The central bank has also submitted to the law enforcement authorities for investigation and intervention all cases of ATM card and password related fraud.

Following the alert, many banks in the country limited their ATM services, including cash withdrawals. This looming threat of cyber security breach has been causing a lot of troublesomeness to customers of both state-owned and private banks across the country

In the opinion of the cybersecurity experts the banks in the country would be at a grave risk of cyber-attacks if they do not strengthen their cybersecurity systems in line with the central bank’s guideline. As a result banks need to train their employees and enhance logistics supports for the cybersecurity to safeguard themselves from the cyber-attacks.Clearly, the extent of insecurity in cyberspace in Bangladesh is rising every day. In order to mitigate impacts, the condition and sustainability of emerging technology and services must be approached. In order to resolve cyber challenges, technical and legal improvement is important. Web consumers still need to be made mindful of cybercrime elimination. Proper protections and quick rectification can reduce the cavities in secure online operations.

[1] Retrieved from <https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~how-cyber-attacks-work> Accessed on 27th February 2021.

[2] Ibid.

[3] Retrieve from <https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cyber-attack/>  Accessed on 28th February 2021.

[4]Govt issues alert over cyber-attack threat, The Financial Express, Retrieved from <https://thefinancialexpress.com.bd/national/govt-issues-alert-over-cyber-attack-threat-1613550323> Accessed on 26th February 2021.

[5] Hackers target Bangladeshis by creating fake COVID information website, Retrieved from <https://bdnews24.com/technology/2021/02/19/hackers-target-bangladeshis-by-creating-fake-covid-information-website> Accessed on 28th February 2021

[6]Shariar Rahman ,” Bangladesh Bank Heist: US charges North Korean hacker” The Daily Star, Retrieved from <https://www.thedailystar.net/backpage/news/bangladesh-bank-heist-us-charges-north-korean-hacker-2047289> Accessed on 28thFebruart 2021

Share

Share on facebook
Share on google
Share on twitter
Share on linkedin
Facebook-f
Linkedin
Twitter
Youtube

© 2018-2024 | All rights reserved by MCLaw Services Ltd.

Website Designing Partners - WideShouts

    Etiam magna arcu, ullamcorper ut pulvinar et, ornare sit amet ligula. Aliquam vitae bibendum lorem. Cras id dui lectus. Pellentesque nec felis tristique urna lacinia sollicitudin ac ac ex. Maecenas mattis faucibus condimentum. Curabitur imperdiet felis at est posuere bibendum. Sed quis nulla tellus.

    ADDRESS

    63739 street lorem ipsum City, Country

    PHONE

    +12 (0) 345 678 9

    EMAIL

    [email protected]

    PURCHASE

    DISCLAIMER

    LEGAL DISCLAIMER

    This web-site https://www.mclawservices.com (“Website”) is a public resource for general information about MCLaw Services.

    The materials provided on this site are for informational purposes only. These materials constitute general information do not constitute any legal advices or other professional advices and intrinsically, you should not depend on the contents of this website. The contents of the web site don’t necessarily represent the opinions of MCLaw Services either.

    If you seek any legal advice, you must retain competent legal counsel to advise you. If you’d wish to retain MCLaw Services, please contact one in all our members, who are happy to discuss whether our firm can assist you. A solicitor-client relationship would deem to exist between you and also the firm if the firm specifically agrees to act for you. The creation of the attorney-client relationship would require direct, personal contact between you and our firm through one or more attorneys and would also require an explicit agreement in the form of an “engagement letter” by the firm that confirms that an attorney-client relationship is established and the terms of that relationship. Any unsolicited information provided by you to our firm outside of such a solicitor-client relationship will not be treated as confidential and cannot be protected by any solicitor-client privilege.

    While MCLaw Services has made reasonable efforts to make sure that the materials contained on this site are accurate, it doesn’t warrant or guarantee:

    • the accuracy, currency or completeness of the materials;
    • That the site will be available without interruption, error or omission; that defects are going to be corrected; or
    • That the web site and also the server(s) that make it available are free from viruses or harmful components.

    The website and the materials provided on the web site are provided “as is” and “as available” without representations, warranties, or conditions of any kind, either expressed or implied.

    COPYRIGHT AND TRADEMARKS

    The copyright of this website and all materials contained in it is owned or licensed by MCLaw Services. The MCLaw Services website, as a whole, or in part, might not be reproduced without the prior written consent of MCLaw Services.

    MCLaw Services will have no liability for any damage arising from the misuse of any information provided on this website. The data provided on the web site isn’t legal advice and may not be relied upon as such; doing so without seeking the recommendation of legal counsel constitutes a misuse of the data. The MCLaw Services doesn’t guarantee the confidentiality of any communications sent via e-mail or through its website.

    User Acknowledgement

    By proceeding further and clicking on the “I Agree” button herein below, I acknowledge that I of my very own accord wish to grasp more about MCLaw Services for my own information and use. I further acknowledge that there has been no solicitation, invitation or inducement of any sort whatsoever from MCLaw Services or any of its members to form an Attorney-Client relationship through this website. I further acknowledge having read and understood the Disclaimer below.

    I Agree
    Disagree