Bangladesh Financial and Govt Institutions Face Cyber Threat

The Bangladesh government's e-Government Computer Incident Response Team - BGD e-Gov CIRT, an organization working to develop cybersecurity prevention in Bangladesh, said in a statement that there was a threat of cyber attacks targeting consumers and customers of various financial and government institutions.

This company takes measures to take, evaluate and solve various computer security issues. This specialized agency of the Government of Bangladesh also provides advice on any security vulnerabilities.

The threat was reported from a threat actor group called Casablanca.

There are fears that the attack could be carried out by a computer malware called LoaderDat, which is capable of working on both Android and Windows operating systems.

The statement said that initially it was thought that the threat was aimed at spreading their botnet in Bangladesh. This botnet process involves spreading malware on the Internet, infiltrating other people's computers, stealing information, spamming and other attacks. This includes the risk of "serious data theft and financial loss".

Under this, the attackers are said to be trying to attract or phishing people by making fake websites in the form of the website that the government of Bangladesh has for registration to vaccinate Kovid-19.

The attackers (corona-bd.com/apply) have created another website similar to the Bangladesh government's website for registration in the vaccination program (corona.gov.bd).

In addition, the attackers have created another fake site called IMEI Today in the form of a website called IMEI Info to verify the IMEI number of the phone. Through these sites and domains, they force people to download the malware called loaded at.

These cyber attackers can also force the download of the malware through e-mail and SMS or text messages.

Regarding the statement, Bangladesh Bank spokesperson Sirajul Islam said, "After the release of the statement, they did not take any new security measures in this regard." Besides, other banks were not instructed to take any action separately.

He said such threats are a casual occurrence. Almost every day there is one or another such issue.

“There can still be a panic if we warn the banks again and again,” he said.

Mr. Islam said banks must be vigilant. We are always on the lookout for any mishap that can happen every day.

He said the threat that has been mentioned is that fake websites have been opened from outside the country in the form of various banks and financial institutions in Bangladesh. Which can be called a dummy website. If someone unknowingly enters those sites, hackers may get them if they provide information.

He also said that the financial institutions of Bangladesh have no direct involvement with these. Islam. For this reason, there is no threat to the financial institutions of Bangladesh at present, said the spokesperson of the central bank.

He said, however, that in this case, Bangladesh Telecommunication Regulatory Commission-BTRC can take a step where there will be such a system so that no one from the country can connect to those sites or provide any information.

Ali Reza Iftekhar, managing director of Eastern Bank, a private bank in Bangladesh, told BBC Bangla that they were wary of the statement. Besides, they are constantly working to make the cyberbanking system secure.

Mr. Iftekhar said that from time to time, in addition to various agencies, they receive internal warning instructions about cyberattacks, which is why their technology department works all the time to secure the banking system.

"Cybersecurity isn't really a one-time thing. Attacks can happen at any time. So it's an ongoing process. It's always a work in progress."

Abul Kashem MD Shirin, managing director of Dutch Bangla Bank, another private bank, said they had received warnings about such threats several times in the past year.

As a result, they have already taken several steps to secure the banking system. They are working with them.

However, he added that no new steps have been taken since the directive was issued.

Meanwhile, the BGD e-Gov. CIRT statement directed financial and government institutions to take the following steps:

Provide adequate information to all employees, customers and consumers and train them to create cybersecurity awareness.

Ensuring that the organization's own arrangements and instructions for using the infrastructure are being properly complied with

Reduce the risk of attack by knowing the necessary information and imposing adequate control

Educate customers and consumers about the use of MFS or other services including mobile banking.

Enhancing the ability to prevent growing cyber attacks

Inform the CIRT team about any incident to work jointly at https://www.cirt.gov.bd/incident-reporting/.

Source: BBC Bangla