Bangladeshi Banks Are Not Properly Cyber Secure

Uploaded on 2020-10-13 in FREE TO VIEW, BUSINESS-Services-Financial

Many countries have cyber banking security problems and one recent example is in Bangladesh, where the national Bangladesh Bank has warned all banks about new cyber attacks from N. Korean hacking groups. These hackers have resumed targeting banks worldwide through the use of fraudulent international money transfers and ATM cash-outs.

It is believed that the North Korean hackers were responsible for stealing $81 million from the central Bangladesh Bank in 2016, and have engaged in fraudulent ATM cash-outs affecting upwards of 30 countries in a single incident. The Bangladesh National Computer Incident Response Team (CIRT)  believe the North Korean Hacker group’s ‘Beagle Boys’, were attempting to attack the country’s banking establishments.

Many Bangladeshi banks have now their restricted their ATMs, cards and online transactions and strengthened their security measures after the cyber alert.  However, most banks in the country have no updates or new strategies to counter hackers. They need better security structures for online transactions and lack of cyber security skills.

These issues were raised by Tanvir Hassan Zoha, Cyber security researcher and Managing Director of  Backdoor Private Ltd  at a recent event called ‘Behind ATM Hacking’ held at the Economic Reporters’ Forum (ERF) held in the nation's capital, Dhaka.  Zoha says  that  network systems of many financial institutions in Bangladesh, including banks, are unknowingly infected with malware. 

From August 27 most Bangladeshi banks have restricted their ATMs, cards and online transactions and strengthened their security measures to avoid the risk of being hacked following an alert issues by the national Bangladesh Bank and a number of local banks are yet to fully reinstate their ATM, credit card and online transaction services even after the Bangladesh Bank withdrew the alert.

Even though many Bangladeshi banks have increased their cyber security, still the skills and security investment is lacking.

Zoha said banks should be more aware of local hackers as a threat to the banking system and recommends that banks quickly identify the areas of weakness in their systems, enhance monitoring over networking of banks, create awareness, arrange practical trainings on cyber security and should file prosecutions against known hackers. 

The Bangladesh Bank has issued several alerts to all banks about possible cyber attacks in the past year past and the larger commercial banks are though to be taking precautionary measures about the online transactions whist the central bank is also monitoring foreign currency transactions.

Dhaka Tribune:     Business Standard:      Daily Observer:       Prothomalo:

You Might Also Read: 

Analysts Detect New Bank Malware:

 

« Cyber Security For Business Leaders
The Software Industry Delivers Appliances With Known Vulnerabilities »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.

Ncontracts

Ncontracts

Our mission at Ncontracts is to continually improve our clients’ ability to manage risk and compliance.

Straiker

Straiker

Straiker's AI-native security platform is designed to protect enterprise AI applications and autonomous agents from evolving threats through automated assessment and runtime guardrails.