Bangladesh witnessed a major and coordinated cyber attack very recently, as at least 147 public and private organisations, including banks and non-bank financial institutions (NBFIs), came under attack, showing their utter vulnerability.
Terming the threat level of the attack 'high', the state-run Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT), in its latest report, said its cyber threat research unit discovered vulnerabilities in over 200 Microsoft Exchange Servers (MES) used in Bangladesh.
The report said the organisations included the Bangladesh Bank (BB), Bangladesh Telecommunication Regulatory Commission, LankaBangla Finance, Standard Bank, Trust Bank, Bank Asia, Dhaka Bank, Evercare Management Group, Evercare Hospital Dhaka, Bangla Trac Communications, and Agni Systems along with many other public and private organisations.
The government formed the BGD e-Gov CIRT under the Ministry of Posts, Telecommunications and Information Technology after the BB's reserve heist incident.
The agency works with various government entities, critical information infrastructures (CII), financial organisations, law-enforcement agencies, academia and civil societies to combat such incidents and help improve the country's cyber security landscape.
Its latest report also held Hafnium, a hacker group, and some other threat actors responsible for the recent attack, while it named Windows operating systems, specifically MES, as the attack source.
Earlier, Microsoft named Hafnium as the group responsible for the 2021 MES data breach.
The report stated that the BGD e-Gov CIRT Cyber Threat Research Unit observed the current threat landscape, following the latest exploitation of MES vulnerabilities.
The unit recently found that some IP addresses associated with different Bangladeshi organisations had already been exploited and that some others were also vulnerable to these threats.
The report included both the tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with the malicious activity.
To remain secure against the threat, the BGD e-Gov CIRT recommended that organisations examine their systems for the TTPs and use the IOCs to detect any malicious activity.
The agency also suggested that if an organisation had discovered exploitation activity, it should assume network identity compromise and follow incident response procedures.
If an organisation found no activity, it should apply available patches immediately and implement the mitigations in the alert.
The BGD e-Gov CIRT called upon the cyber attack victims to remain vigilant about cyber security and report suspicious incidents at https://www.cirt.gov.bd/incident-reporting.
The agency issued the alert to several financial and government organisations on February 17, 2021 over a possible cyber-attack.
It had previously issued alerts in November 2020 to the country's banks over a possible cyber-heist.
Talking to The Financial Express, Tarique M Barkatullah, director (CA and Security) of the Bangladesh Computer Council, opined that it was unclear what types of information were stolen from the organisations (that came under the latest attacks).
Terming it a matter of great concern, he noted that Hafnium and some other threat actors hacked emails of the organisations mainly to steal their data.
The attacks were conducted not only in Bangladesh but also across the globe, and the hackers took advantage of weaknesses in MES.
Mr Barkatullah, also director (operations) of the Digital Security Agency, said the entities concerned should take precautionary measures to prevent further attacks.
He urged all other organisations, including the banks and NBFIs, to strengthen their security measures to this end.