National, Front Page

Record number of bank cardholders’ info leaked

Published : 21 Jul 2022 12:06 AM | Updated : 21 Jul 2022 04:03 PM

A record number of Bangladeshi bank cardholders' information has been found in the dark web, according to a report.

According to the report 46.03 percent of classic cards, 89.54 percent of Visa cards information has been leaked. Lack of individual awareness and indifference of the bank authorities are responsible for such information reaching the dark web.

This information was revealed  from the recently published ‘Sectoral cyber threat intelligence for banking industries’ report of Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT), the organization that looks after the cyber affairs of the government.

The report reveals that banks and other financial institutions have always been a centre point for cyber criminals. And CIRT continuously monitors those cyber attackers' movements.

Cyber Threat Intelligence Unit said that ‘Potential Attack Vector’ has been found both in government and private banks, through which, hackers can easily control those banks' information through their weak points. 

According to IBM X-Force, criminals target 70 percent of banks, 16 percent of insurance companies and 14 percent of other financial institutions.

BCG (Boston Consulting Group) recently said in their report, financial institutions have been victims of cyber attacks more than 300 times from other institutions.

The exposed risk services to cyber attacks in the banking sector can be seen in the report released by CIRT on Command and Control (C2) Detection and Malware Infections. The report shows that nearly 99 percent of banking organizations have one or more vulnerable and risky services exposed in the internet without even being aware of it while in 75 percent cases credential stealing is possible due to insecure uses of mobile and/or computing devices and users of Banking Applications and portals (both internal and external) are not properly aware of cyber hygiene.

CIRT says that almost all banks in the country have one or more weak services and weak authentication mechanisms that facilitate cyber attacks on a large scale. The worst part is that attackers can easily detect these vulnerabilities. Despite the efforts of the country’s banks to ensure secure infrastructure, suspicious communications have been observed on the IPs of some banks by the CITC (Command and Control).

Cyber attackers attempt to compromise communications on a specific target network through C2C.

To keep banking institutions safe from these attacks, things like banning vendor access to institution’s assets and devices, ensuring 2FA/MFA, regular monitoring of threat intelligence, training programs to increase awareness, ensuring Security Operations Center (SOC), and data breach law enforcement must be ensured. 

This body of government has given a set of advice including how to mitigate threats by communicating with organizations and government entities.   

E-gov CIRT project director Tarique M Barkatullah told Bangladesh Post, “In the post pandemic situation use of debit and credit cards increased several fold. This has eased various aspects of people's lives and at the same time created opportunities for hackers. If a debit card is linked to the savings account then there is a high risk of hacking.” 

“Following our report Bangladesh Bank has recently reduced the limit on digital purchase. Now, no one can purchase more than USD 300 online,” he added. 

Citing few cards that have insurance protection which separate them from the hackers attack, he suggested that visa debit cards should be brought under the insurance policies as part of the risk minimization factor.

Related Topics