Sunday, May 05, 2024
The Bangladesh Bank has alerted banks, mobile financial services (MFS) providers, payment services providers and payment system operators over a cyber-threat.
A letter – issued by the regulator to such entities on July 10, mentions that the central bank has received information on a possible malware and virus attack targeting the information and communication technology (ICT) systems of some institutions.
TrickBot and similar types of malware/Trojan programmes have been trying to steal sensitive data by attacking the country’s banking system, read the letter.
Industry insiders say TrickBot is computer malware for Microsoft Windows and other operating systems, and a cybercrime group is behind this threat.
Originally, the malware’s primary function was the theft of banking details and other credentials, but its operators have extended its capabilities to create a complete modular malware ecosystem, they added.
The central bank has asked banks and other payment service providers to regularly update the ICT system patch, use licensed software and other solutions, and keep policy and monitoring of security solutions updated.
The banking regulator also asked the stakeholders to regularly conduct Vulnerability Assessment and Penetration Testing (VAPT), keep backups of sensitive systems, put emphasis on endpoint security, and raise awareness among the system and email users to combat cyber threats.
It has asked banks to inform the regulator within 13 July if any of them face a cyber incident triggered by malware.
Banks and other payment service providers have also been asked to inform the central bank within July 20 about their preventive and reactive measures to remain safe from cyber-attacks.
The Business Post correspondent tried to reach Bangladesh Bank Executive Director and spokesperson Md Mezbaul Haque for comments on the issue, but he did not respond till the filing of this report.
A chief executive of a private commercial bank seeking anonymity said his bank has already informed their preparation plan to the central bank for mitigating the cyber risk.
Mutual Trust Bank Managing Director and CEO Syed Mahbubur Rahman said, “The investment to reduce cyber risk is not enough in our banking industry. Most of the banks are busy making profits instead of focusing on this issue.
According to a recent study of the Bangladesh Institute of Bank Management (BIBM), cyber security is a major area of concern for the country’s banking industry, as 52 per cent of banks here are facing high cyber risks.
The spending for cyber security and IT training is still very low in the country’s banking sector.
Recently, a US-based online news outlet TechCrunch reported that more than five crore Bangladeshi citizens' personal information, including their full names, phone numbers, email addresses and National Identification (NID) numbers, has been exposed from a Bangladesh government website.
Viktor Markopoulos, a researcher working in Bitcrack Cyber Security, accidentally discovered the leak on June 27.
