Cyber-attacks are a serious threat to any country, especially in the digital age. Bangladesh is also prone to similar threats as several cyber-attacks got revealed in 2023. Coordinated and large-scale attacks target multiple organizations simultaneously, highlighting the need for improved preparedness and response. Exploiting vulnerabilities in popular software, like Microsoft Exchange Servers, is a growing concern, requiring regular updates and robust security measures. The rise of fintech and digital platforms raises worries about online financial transactions and data privacy. Bangladesh is actively enhancing cyber security capabilities, fostering partnerships, and promoting awareness to address these trends and strengthen its defenses.

Cyber Attack on Digital Bangladesh: Millions of Citizens Are at Risk

Recently, a catastrophic data breach has struck, leaving the personal information of a staggering 50 million Bangladeshi citizens exposed. The severity of this incident demands your immediate attention. Here are the critical details:

• Massive Data Breach Exposes Personal Info of 50M Bangladesh Citizens. A Government website in Bangladesh has leaked sensitive data, including full names, phone numbers, emails, and national ID numbers.
• Researcher Viktor Markopoulos discovered the breach on June 27 and promptly alerted the Bangladeshi e-Government Computer Incident Response Team (CERT).
• TechCrunch’s investigation confirmed the breach’s authenticity, uncovering data on millions of citizens.
• Shockingly, a simple Google search exposes the leaked data, raising concerns about further exploitation.
• The consequences are dire: unauthorized access, data manipulation, application deletion, and Birth Registration Record Verification breaches.

Other Similar Incidents of Cyber Attacks in Bangladesh

That’s not all; if we look back, there are many similar instances in the recent past. A few of them are listed below:

• Bangladesh Krishi Bank fells victim to a cyber-attack using the ALPHV ransomware, where hackers breached the bank’s security and stole over 170 GB of sensitive data. Utilizing advanced encryption methods, they made the bank’s servers and information inaccessible. Additionally, the Bangladesh Bank experienced a separate incident in January 2023, where hackers exploited a vulnerability in its SWIFT system and stole $ 3 million.
• In March 2023, a group of cybercriminals known as APT41 launched a sophisticated campaign against several Bangladeshi government agencies, including the Ministry of Foreign Affairs, the Election Commission, and the National Board of Revenue. The attackers used phishing emails, malware, and ransomware to compromise networks and steal sensitive data.
• In June 2023, a massive distributed denial-of-service (DDoS) attack disrupted the services of Grameenphone, the largest mobile operator in Bangladesh. The attack lasted for several hours and affected millions of customers. The attackers demanded a ransom of $10 million to stop the attack, but Grameenphone refused to pay.
• Biman Bangladesh Airline’s email server was hacked in a ransomware attack on March 17, 2023.
• Further Study on Cybersecurity situations in Bangladesh reveals are below scary facts
• 92% of micro, small, and medium entrepreneurs lack awareness about cyber security.
• 40% of entrepreneurs have been victims of cyberattacks.
• Only 7.7% can identify cyber threats.
• 82% believe cyber security is irrelevant, leading to vulnerability and losses.
• Only 21.43% reported cybercrime incidents to authorities.
• 47% use digital tools despite low mobile internet penetration (28%).
• Social media-based cybercrimes predominantly affect females (57%).

Immediate action is critical to address security vulnerabilities, strengthen defenses, and prevent future breaches. As the targets are spreading between Government, Banking & Financial Institutes, Aviation, and Energy/Utilities, every sector needs to be attentive and proactive in Incident Response with detection, response, recovery, and business continuity strategies.

It is important to take immediate steps to rectify this critical issue, fortify security measures, and protect our citizens’ personal information. Apart from 3^rd Party Risk Assessment with VAPT, Red teaming, Compromise Assessment, Attack Surface Management, Dark Web Analysis, Shadow IT, OT/IOT/ICS Audits, aiSIEM type of services has become the need of the hour.

If there is any further information or assistance we can provide, please do not hesitate to contact us. Together, we can ensure the safety and well-being of citizens and restore confidence in the government’s ability to protect the data in Bangladesh.