Cyberwar spawned in Ukraine war

Caution about malware strikes on financial systems

Some 1,400 IP numbers in BD already being used for hoax

| Updated: April 30, 2022 17:52:39

Caution about malware strikes on financial systems

Bangladesh is alerted against botnet and malware infections of important data infrastructures, including in financial institutions, to forestall cyber-attacks on the sidelines of the Ukraine war.

Officials say the government's dedicated cyber-threat agency issued the warning as global cyberwar is getting spawned in the Russia-Ukraine war with the western military alliance, NATO, backing the latter with weapons support.

The Bangladesh Computer Council's e-Government Computer Incident Response Team (BGD e-GOV CIRT) also recommends protecting all important information facilities urgently through inspecting and monitoring their internal systems.

Director (operations) of the Digital Security Agency and project director of the BGD e-GOV CIRT Tarique M Barkatullah told the Financial Express that in the wake of the ongoing conflict between Ukraine and Russia, hackers from both sides are using important information infrastructures of different countries to propagate and attack each other through botnets and malware.

Botnets are networks of computers infected by malware (such as computer viruses, key loggers and other malicious software or malware) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.

"Analysing a warning message provided by the Russian Computer Security Incident Response Team (SIRT), the BGD e-GOV CIRT has found as many as 1,400 IP (internet protocol) numbers used in Bangladesh," he said.

"From all these IPs, a group of hackers are conducting propaganda and distributed denial of service (DDOS)," he added.

Due to the misuse of these IP-linked Bangladeshi servers, infected financial institutions and public-service providers in the country are facing disruptions in providing their regular services, Mr Barkatullah mentioned.

The government's cyber-threat agency also suggests that in the situation, the authorities concerned need to take steps to keep systems free from botnet and malware infections by inspecting the information infrastructures under their control.

The authorities "must install or update anti-DDOS hardware and software", the agency recommends.

During the upcoming Eid holiday, all important information infrastructures, including financial institutions, need to be brought under proper monitoring to prevent hacking.

Malware (short for 'malicious software') is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behaviour an attacker wants.

Prof Dr Md Salim Uddin, chairman of the executive committee of Islami Bank Bangladesh Limited (IBBL), told the FE that some financial institutions were witnessing cyber-attack in the wake of the ongoing conflict between Ukraine and Russia.

"IBBL is well-prepared to thwart any kind of cyber-attack as it adopts new technological solutions all the time," he says.

He laid emphasis on enhancing cyber-security with new tech solutions and monitoring systems among the internal systems.

"There should be an association or platform among the financial institutions to enhance cooperation and integration to prevent all kinds of cyber-threats."

He also calls upon the government to come up with more collaboration and support in this regard to fend off increased cyber-threats in the days to come.

For countering the threat to information security, Mr Tarique also suggests making an inventory of all network devices and services operating in the respective organisation, as well as firewall rules that provide access to them.

M Barkatullah stresses setting up logging and making sure that the logs of system security messages and the operation of operating systems, as well as events of access to various services of the organisation (websites, mail servers, DNS servers, etc), are complete and correct.

In the future, this can simplify the process of responding to possible computer incidents, he says.

[email protected]

Share if you like