BB alerts banks of malware risks

Bangladesh Bank has recently alerted banks and non-bank financial institutions that they are at risk of cyberattacks and asked them to heighten their guard against malware and viruses.

Malware like the banking Trojan TrickBot — which can steal financial details, account credentials and personally identifiable information — are at large.

Subsequently, the BB in a letter on July 10 requested banks and NBFIs to deploy cybersecurity best practices such as regular patch updates of ICT systems, the use of licenced software and other solutions, regular penetration tests to assess the vulnerabilities in sensitive systems, constant monitoring and storage backup.

The central bank also asked banks and NBFIs to notify of any recent incidents of malware attacks and the actions taken by July 13. It also sought a detailed account of the preventive and reactive measures from cyberattacks by July 20.

BB Spokesman Md Mezbaul Haque acknowledged sending the letter, which was part of the central bank’s general housekeeping. “Banks are taking proactive measures,” he added.

The letter from the central bank comes after Bangladesh Krishi Bank’s server came under a malware attack last month. Notorious ransomware group ALPHV, also known as BlackCat, broke into the state bank’s servers and made way with more than 170 GB of crucial information.

The break-in went undetected for 12 days, giving the hackers ample time to study internal documentation and steal valuable data with impunity.

In the same month, a security leak from the website of the Office of the Registrar General, Birth & Death Registration had left more than 5 crore citizens’ personal information exposed on the internet.

Cyberattacks have become a persistent threat in Bangladesh due to a lack of awareness among individuals and businesses regarding cybersecurity practices, according to experts.

Since 2016, approximately 5,576 cyber incidents were registered by BGD e-GOV CIRT, the government agency responsible for maintaining the country’s cybersecurity.

The cyberattacks targeted the government, start-ups and the financial, military, industrial, trade and commerce, healthcare and energy sectors.

Back To Top