Cyber attack risk too high

Take immediate steps to thwart large-scale attack

A story headlined “Cyber heist risk too high” published in this newspaper on Saturday says the country's over 200 government and private organisations, including Bangladesh Telecommunication Regulatory Commission (BTRC), Bangladesh Bank, commercial banks, and internet service providers came under a severe cyber attack.

A hacker group called ‘Hafnium’ launched the attack, threatening to pose serious risks to organisations.

And the hackers might have stolen and can still steal confidential information contained in emails. They also may blackmail the organisations in the future.

We are very concerned about the possibility that the hacker group will continue launching attacks on our government and private organisations including financial institutions.

A new report published by the BGD e-GOV CIRT, the government’s organisation for cyber attack response identifies that financial organisations have become the prime target of cyber attack.

It is necessary to plan and integrate 

security measures to immobilise any 

attempt of a cyber attack

The organisations in the country which use Windows operating systems, especially Microsoft Exchange, were attacked by hackers, the report says, adding some IP addresses have been found that are at risk of attack. 

In this regard, we think the government must take proactive measures—including cyber resilience audits, secure-sourcing strategies and removing elements with vulnerabilities—to protect the government and private organisations including financial institutions’ systems, data, and customers. 

Country’s banking sector still remains vulnerable to cyber criminals even about six years after the $101 million cyber heist from the Bangladesh Bank's account with the Federal Reserve Bank in New York due to the absence of an effective cyber security system.

It has been noticed that cyber attacks on financial institutions have grown significantly in recent years.

For combating the cyber attack, BGD e-GOV CIRT has suggested that the target organisations examine their systems for the TTPs and use the IOCs to detect any malicious activity. 

We think it is necessary to plan and apply security measures to guard their work and immobilise any attempt of cyber attack.