Banks’ cyber security protocols to get a boost

The Financial Institutions Division of the Ministry of Finance is planning to set some guidelines for the sector to bolster its cyber security against any kind of threats and to deal with such attacks.

A meeting of the division with stakeholders on Thursday will also conduct a review of the cyber security protocols in the country's financial sector and coordination between financial institutions and various government agencies involved with cyber security.

The move comes in the wake of yet another cyber attack against the Bangladesh Bank on September 7 when hackers tried the same technique used in the cyber heist of 2016. But this time a quick alert from the regulator protected the sector from any significant losses.

On the day at 2:14pm, cyber criminals infiltrated the central bank's recruitment website erecruitment.bb.org.bb, and injected nine malwares into the domain. The meeting's working paper has revealed the e-mail ID, password, IP address and the names of the injected malware.

The CIRT has also found evidence of intrusion or leak in another five central bank domains – the web portals of e-returns, e-tender, Bangladesh Financial Intelligence Unit (BFIU), central bank's e-mail and exp.bb.org.bb.

The central bank and all other scheduled banks use the exp.bb.org.bb domain to monitor transactions of all types of foreign currency.

The stakeholders participating in the meeting include the Bangladesh Bank and the Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT).

Tawhidur Rahman, Senior Technical Specialist (Digital Security) of BGD e-GOV CIRT, told The Business Standard, "The culprits are repeatedly trying to inject malware into the Bangladesh bank's system. We recently foiled one such attempt.

"Efforts are on to establish an SOP [Standard of Practice] to protect the financial sector from cyber security threats. The government is also working to introduce a data security act and cloud security act."

Four years ago, cyber criminals hacked the Bangladesh Bank's SWIFT system and stole $81 million. Till today, Bangladesh has not managed to get back even half of the money.

Before this incident, North Korean hackers began sending emails riddled with malware disguised as job applications to Bangladesh Bank officials in 2014, in preparation for the cyber heist of 2016.

On September 7 this year, the central bank issued its latest alert after suspecting that another North Korean hacker group – known as the BeagleBoyz – might be planning to carry out a cyber-attack on Bangladesh's banks.

Following the alert, many banks in the country limited their ATM services, including cash withdrawals. This looming threat of cyber security breach has been causing a lot of inconvenience to customers of both state-owned and private banks across the country.

According to sources from the Bangladesh Bank, the CIRT and its global stakeholders have recently unearthed evidence of a malware named FastCash2.0 through various Indications of Compromise (IOC), which are attacking various network systems and important databases.

IOCs are pieces of forensic data, such as data found in system log entries or files that identify potentially malicious activity on a system or network.

Such intrusions pose serious risks to the integrity of computer networks and operating systems used by the country's financial sector, including the Bangladesh Bank, the FID revealed in the meeting's working paper.

However, Bangladesh Bank spokesperson and Executive Director Md Serajul Islam said, "We have noticed some attempts of data-mining from areas of the central bank's website where data are kept for public access.

"The issue does not pose a big threat to the bank's main security. There is no reason for concerns about it. I believe that we are completely secure in areas where security must remain ensured."

Steps taken by the central bank

The Bangladesh Bank, following CIRT's recommendations, is already focusing on a number of steps to protect the sector from cyber attacks. These measures include – changing leaked passwords on an emergency basis, examining the server system, regularly backing up important local and external files, maintaining a strong firewall and employing the use of filters.

The central bank also directed all scheduled banks to take necessary steps for identifying, assessing and countering any possible risks a new technology-based product or service may pose in regards to money laundering and terror financing, before introducing it to the customers.

The scheduled banks were also directed to take necessary steps for keeping all domestic and foreign transactions free from any attempts of fraud or forgery. The central bank has also sent all cases regarding ATM card and password related frauds to the law enforcement agencies for review and necessary action.

Measures to be discussed by FID

The FID, at the meeting scheduled for Thursday, will discuss ways to ensure uninterrupted services while countering cyber security threats to the country's financial sector, according to the meeting's working paper.

Some the division's recommendations are – using a special sensor to monitor important data centers, taking effective measures if an intrusion is detected in the system, and using international support along with an effective response to tackle security threats.

The division also recommended issuing an alert seeking international support if an institution fails to resolve a complex issue by itself.

The FID suggested coordination among financial institutions, various government units, critical information infrastructure, law enforcement agencies, academia and civil societies on the issue of cyber security.

The sector should also keep close ties with international organisations and the cyber security community.

Mentioning the necessity of monitoring to determine whether institutions are following the recommended measures to counter cyber vulnerabilities, the FID suggested investigating any suspicious activities related to network security and taking proper action if required.

It also recommended that institutions work towards recovery and control of the national data centre and its services, if they get negatively impacted by a cyber security incident.

Representatives from the ICT Division, Digital Security Agency, Bangladesh Telecommunication Regulatory Commission (BTRC) and Bangladesh Computer Council will participate in the FID meeting, among other stakeholders.

It should be noted that on August 27, the issue of cyber security was discussed at a cabinet meeting presided over by Prime Minister Sheikh Hasina.

At the meeting, the government asked the Digital Security Agency to coordinate with all stakeholders in the sector, and recommended that steps be taken to remove sensitive and offensive content from the internet.