Website portals or e-mail servers of 147 entities in Bangladesh, including the Bangladesh Bank, suffered cyber attacks by Hafnium, a group thought to be state-sponsored and operating out of China, which had already attacked 24 countries across the globe, with the US marked as the prime target.
The Bangladesh government’s Computer Incident Response Team disclosed the information in a report titled ‘Cyber Threat Report on Exploitation of Microsoft Exchange Server Vulnerabilities: Context Bangladesh’ on Thursday.
The web portals and e-mail servers of government entities, financial institutions and business organisations, including the Bangladesh Army, the Bangladesh Bank, the Bangladesh Telecommunication Regulatory Commission, Gas Transmission Company Limited, LankaBangla Finance, Standard Bank and Trust Bank, were found vulnerable to the cyberattack, the CIRT report mentioned.
‘In order to observe the current threat landscape, by following the latest exploitation of Microsoft Exchange Server Vulnerabilities, the Cyber Threat Research Unit of the CIRT recently found some IP addresses associated with different Bangladeshi organisations — some of these are already exploited and also some others are vulnerable to the threats,’ it mentioned.
‘This is not the first time the CIRT has raised the alarm bell of cyberattacks in the country’s financial system,’ cyber security expert Tanvir Hassan Zoha, managing director of Backdoor Private Limited, told New Age on Friday.
Tanvir, however, said that he had not seen any visible measures taken by the entities who were found to be vulnerable to cyber-attacks to make their systems safe and secure.
Speaking about the remedies to tackle the growing cyber-attacks in the country’s major institutions, Tanvir said that the respective organisations must launch investigations to address the security breaches in their systems and take remedial measures.
‘If any of the organisations refrains from doing so, the CIRT should block the entities from operating in the cyber space as otherwise, sensitive information would be leaked out of the country,’ Tanvir mentioned.
To ensure security against the threats, the BGD e-GOV CIRT recommended that the organisations examine their systems for tactics, techniques and procedures (TTPs) and use the indicators of compromise (IOCs) outlined in its report.
The CIRT recommended that users run newly developed tools — Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT — to assess whether their Microsoft Exchange Servers have been compromised.
It also recommended that users maintain up-to-date antivirus signatures and engines, keep operating system patches up to date, disable file and printer sharing services (if these services are required, the use of strong passwords or Active Directory authentication was recommended), restrict users’ ability (permissions) to install and run unwanted software applications, not add users to the local administrators group unless required, enforce a strong password policy and implement regular password changes, and exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known, among other things.
Apart from Bangladesh and the United States, other countries targeted by Hafnium are Chile, Germany, Canada, France, Uzbekistan, Belgium, Hong Kong, Italy, Kazakhstan, South Korea, Turkey, United Arab Emirates, Slovenia, Pakistan, Mongolia, Israel, Guyana, Brazil, Russian Federation, South Africa and Mauritius.
In the US, around 30,000 entities were attacked by Hafnium.
Even though the country suffered its worst international cyber hacking worth $101 million in February 2016, little has been done so far to ensure cyber security in Bangladesh’s financial and other major institutions, experts said.