Photo : Collected
The looming threat of cyberattacks from the hackers has prompted the Bangladesh authorities to take action as the month of mourning unfolds.
Both the public and the private organisations, particularly critical information structures and banks, have been put on high alert.
The reason for this heightened vigilance is a warning issued by "religious and ideologically motivated underground hacker groups," who have threatened to unleash a barrage of cyber-attacks on Bangladesh's cyberspace on August 15.
According to a notice released by the government's Computer Incident Response Team (CIRT) on Friday, the potential attacks have the potential to range from small to medium-scale, with the capability to disrupt IT operations and businesses.
In light of this serious threat, all organizations have been strongly advised to maintain a state of readiness, implementing necessary precautions to safeguard their digital infrastructure.
“The concerned authorities have been duly informed and briefed regarding the situation, providing them with clear directives on appropriate actions to be taken,” said CIRT Director Mohammad Saiful Alam.
CIRT said its research identified several groups with the same motivation.
The groups’ primary attack tactics include Distributed Denial-of-Service (DDoS) attacks, website defacements, compromising the website, and using malicious PHP shells as a backdoor to drop payloads.
Their top targets are government and military organisations, law-enforcing agencies, banks and financial institutions, pharmaceutical companies, retail and industrial organisations, and energy and education sectors.
The recent incidents of cyberattacks include one on payment gateway, law enforcement and banks on Aug 1, a DDoS attack on Bangladeshi transportation service making the website unavailable for one hour on Jul 3, and the defacement of the website of a Bangladesh government college on Jun 27.
A day before claiming a DDoS attack on the website of Bangladeshi military organisations on Jun 21, the group claimed to have compromised Bangladesh's state-owned investment company.
It also claimed to have exfiltrated data of over 100,000 investors and investment applicants.
The threat group shared a single screenshot as a proof of compromise and planned to release the data after successful exfiltration, CIRT said.
The government team advised all organisations to take a series of measures to prevent such attacks.
It asked them to ensure strict network and user activity monitoring round the clock, especially during non-office hours, and watch out for any indication of data exfiltration.
TDM/SD
