Throughout the year 2023, the digital landscape of the country experienced turbulence. Notably, the months of July and August garnered attention due to the exposure of over 5 crore individuals' information belonging to Bangladeshi citizens.
Discussions revolved around cyber attacks on entities such as Krishibank, Beximco, and Biman Bangladesh. Social media pages of numerous individuals and even manufacturing factories fell victim to hacking incidents.
As the year concludes, Bangladesh reflects on various incidents, ranging from financial mishaps to compromise of data. Ransomware attacks have been a persistent threat, with a retrospective view revealing that cyber-criminals targeted government services, banks, and financial institutions back in 2003.
In each case, the prevailing issues have been attributed to ignorance, negligence, and a lack of awareness regarding the lifestyle of netizens.
Smart NID Data Leak Shakes the Nation
In July 2023, Bangladesh experienced a severe blow to its cybersecurity infrastructure as over 5 crore records of citizens' data were leaked online. The leak, stemming from security lapses in a government website, exposed sensitive personal information, including names, dates of birth, and National Identity Card (NID) numbers. This breach, fueled by a lack of robust security measures, raised concerns about the vulnerability of citizen data.
Ransomware Strikes Biman Bangladesh Airlines
On March 17, the cyber landscape took a hit as Biman Bangladesh Airlines fell victim to a ransomware attack. The hackers, operating with the unique ‘Zero Day Attack’ malware, infiltrated the airline’s email server, causing a shutdown of internal communications. The attackers demanded a USD 5 million ransom, threatening to release 100GB of sensitive data, including passenger details and internal reports. The incident underscored the critical need for enhanced cybersecurity measures in the aviation sector.
Krishi Bank’s Sensitive Data Compromised
In a significant breach on June 21, 2023, Krishi Bank fell prey to the notorious blackcat hackers, also known as the ransomware group ALPHV. The hackers claimed to have successfully hijacked Krishi Bank’s servers, gaining access to 170GB of sensitive data. This incident highlighted the vulnerability of financial institutions, emphasizing the need for fortified cybersecurity defences.
Coordinated Cyber Attack by Indian Hackers
The cyber threat extended beyond national borders, with Indian hackers orchestrating a coordinated attack on 25 government and private institutions in Bangladesh. Sensitive information from institutions such as the Investment Corporation of Bangladesh and the Department of Health was compromised. The attack exposed the deficiencies in the country’s cybersecurity infrastructure, prompting a call for urgent reforms.
Widespread Impact on 147 Institutions
A large-scale cyber attack rocked Bangladesh, affecting at least 147 public and private institutions, including banks and non-bank financial institutions. Bangladesh Bank, Bangladesh Telecommunication Regulatory Commission, Lankabangla Finance, Standard Bank, Trust Bank, and various other entities fell victim to the onslaught. The attacks exploited vulnerabilities in Multiple Enterprise Systems (MES), reflecting a systemic issue in the nation's cybersecurity framework.
In the wake of these cyber threats, Engineer Mushfiqur Rahman of Cybercrime Awareness Foundation urged organizations to prioritize cybersecurity and adopt risk management strategies.
With 98 percent of technology in Bangladesh sourced from foreign entities, Rahman emphasized the importance of utilizing open-source technology, developing indigenous software, and fostering collaboration between information technology experts and academia to fortify the nation’s cyber defences.