Situational alert on cyber threats

C.B.Desk: In the advent of EID holidays, Bangladesh Government’s Computer Incident Response Team (BGD e-Gov CIRT) would like to assure the security of the critical information infrastructures (CII), banks and financial institutions, health care and all sorts of government and private organizations by sharing a list of top threats to be vigilant for any suspicious activities in their infrastructure to prevent any sort of intrusion or disruption to their IT operations and services.

Top threats risking Bangladesh cyberspace:
Ransomware threat actors. Recent attack examples are: An organization in Bangladesh came under ransomware cyber-attack by the Money Message group on March 2023. Lockbit ransomware attack on a pharmaceutical company in April 2023.
Hundreds of Distributed Denial of Service (DDoS) attacks have targeted several entities in Bangladesh by exploiting exposed services such as DNS, NTP, SNMP, misconfigured middleboxes.
A number of APT groups were detected on our monitoring systems, which are targeting Bangladesh such as infy-apt, enfal-apt, machete-apt, tick, emissary-panda, threatneedle, muddywater.
An emerging threat from an APT group named ‘Anonymous Sudan’ which targeted Indian organizations as well as South Asian countries with DDoS attacks.
Web defacement attacks on various organizations in Bangladesh by using web shell injection technique.

All government, military and financial institutions are requested to take the following measures to ensure their infrastructures’ security:
Ensure strict network and user activity monitoring 24/7, especially during non-office hours, and watch out for any indication of data exfiltration, any sort of repeated patterns that may indicate attempts of lateral movement, discovery, or command and control behavior.
Ensure vital services as such DNS, NTP as well as network middleboxes are securely configured and are not exposed on the internet.
Ensure proper Information and Cyber Security awareness training among all the employees, customers, and consumers to report issues, if they observe any anomalies and/ or suspicious activities.
Conduct Vulnerability Assessment and Penetration Testing (VAPT) for all the systems on regular basis.
Ensure appropriate controls and minimize attack surface by assessing need-to-know basis.
Enhance your capability to combat growing cyber threats.
Configure and harden web application as per OWASP guideline (https://onwasp.onrg/www-pronject-web-security-testing-guide/v41/)
Ensure Web Application Security Headers are properly configured.
Report or inform BGD e-GOV CIRT regarding the detection of IOCs and/ or any suspicious activities you observe within your environment, to work in collaboration through https://www.cirt.gov.bd/incident-reporting/ or cti@cirt.gov.bd