Published :
Updated :
The incidents of cyber attacks continue to rise at different commercial and service-providing outlets in the country despite taking various preventive measures.
As the country achieved a good progress especially on socioeconomic front in the era of digitisation, the number of cyber related incidents is also rising.
Due to a leap in information technology-related crimes, the issue of cyber security has become a matter of serious concern to most of relevant government and private entities.
According to state-run Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) under the Ministry of Posts, Telecommunications and Information Technology, the incidents registered with the organisation increased to 870 in 2018 from 683 in 2017. The figure was 379 in 2016.
Of the attacks, vulnerability accounts for 63.2 per cent, intrusion or hackings 5.7 per cent, malicious code 22.5 per cent, abusive content 4.5 and the rest comprise fraudulence, intrusion attempts, service request, information security and others.
But the actual number of attacks will be much higher as a good number of commercial or service- providing outlets do not report such incidents to the state-owned special unit, insiders said.
The government formed the BGD e-Gov CIRT under the Bangladesh Computer Council (BCC) just after the incident of Bangladesh Bank's reserve heist took place. It was formed to combat any such fatal intrusions further.
Capitalising on weaknesses in the security of Bangladesh's central bank, including possible involvement of some of its employees, perpetrators were able to steal US$81 million which was transferred to the Philippines on February 05, 2016.
In 2013, Sonali Bank of Bangladesh was also successfully targeted by hackers who were able to remove $0.25 million.
Since the largest cyber heist in the history of global financial forgery, the Bangladesh government took the issue very seriously, considering its damage to the economy and formed an anti-cyber attack unit called 'cyber incident response team' (CIRT).
After that, no major incident of cyber crimes took place in state-run financial institutions.
Tarique M Barkatullah, deputy project director of Leveraging ICT Project at BCC, told the FE that cyber related incidents will increase day by day amid gradual digitisation of government and privately-run services.
"And solution is that we have to raise our capacity in pace with such attacks in the virtual world," he said.
The BGD e-Gov CIRT had been formed to combat any cyber incidents, he added.
In August 2018, a 14-member team of CIRT observed that some hacker teams tried to intrude into the server of Bangladesh Bank.
Cosmos Bank of Pune, India was hacked in the same month as attackers siphoned off over $13.5 million.
Mr Tarique said, "Our team found that a group of hackers was trying to intrude into the BB server from some foreign casinos in the second week of August."
CIRT alerted all government agencies in this regard.
"Our team blocked tricky IPs (Internet Protocol) trying to interfere the central bank server."
He said the team also encountered hundreds of attacks on the Election Commission Secretariat website during the election period in December last.
The CIRT is now covering all kinds of services provided by the government entities, Mr Tarique added.
Director of Bangladesh Association of Software and Information Services (BASIS) A K M Fahim Mashroor told the FE that financial institutions are the main targets of attackers.
Hackers mainly attack a system for two reasons-- harassment and financial gain, he said, adding that the country lacks experts who can understand or have proper knowledge of reading equipment and software used in a system.
Local banks spend above Tk 20 billion on IT systems annually of which less than 5.0 per cent are spent on training, he said.
Mr Fahim said local banks are largely dependent on foreign expertise to ensure cyber security.
"It is a great achievement that the government has formed its own team." The special unit should be expanded to provide services both to the public and private sectors, he added.
However, swindling of debit and credit cards through skimming by fraudsters is on the rise in the country.
The country witnessed its biggest ATM card fraud in February 2016 when skimming devices were planted in several ATM booths of some banks to steal card information and create duplicates, according to Bangladesh Bank.
Nearly Tk 10 million was swindled in such incidents which affected City Bank, EBL, United Commercial Bank and Premier Bank.
City Bank was forced to repay a significant amount to its customers whose cards were swindled.
Brac Bank also repaid Tk 0.7 million to its customers for the same reason in April, 2018.
According to a study of Bangladesh Institute of Bank Management (BIBM), only 38 per cent of existing banks were fully-equipped to combat cyber attacks while 28 per cent were totally vulnerable and 34 per cent were partially-prepared.
Md Mahbubur Rahman Alam, associate professor at BIBM, told the FE that mobile apps-based service needs special focus, considering cybercrimes.
He also pointed out that cyber criminals in the western world are now using 'jackpotting' method to swindle money from ATMs apart from old skimming technique.
He said banks will always have to adopt newer technology to face spanking challenges in the virtual world.
Cybersecurity Ventures, a global web-portal, predicted that cybercrime will cost the world $6.0 trillion annually by 2021, up from $3.0 trillion in 2015.
The damage cost projections were based on historical cybercrime figures including recent year-over-year growth, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today, said the portal.
Bangladesh is yet to calculate its financial losses caused by cybercrimes.