Cyber attack alert

Banks at risk

Anisul Islam Noor

22nd November, 2020 10:28:07 printer

Banks at risk

The finance ministry has alerted banks about the threat of a potential cyber attack, asking them to strengthen cyber security to avoid the risk of being hacked.

Banks have already intensified surveillance on online transactions and ATM booths. Some banks have started keeping ATM booths shut at night.

Cyber security expert Tanvir Hassan Zoha said banks in the country would be at grave risk of cyber attacks if they do not strengthen their cyber security systems in line with the central bank's guidelines.

As the threat of cyber attacks looms at a time when the world is going cashless, many banks have imposed restrictions on the access to ATMs, he said.

"We have checked through our network but did not find the existence of any malware," he said.

M Abul Kalam Azad, CEO of a cyber security company based in Dhaka, said the country’s banking system is largely not capable enough to thwart cyber attacks as they don’t monitor their systems round-the-clock as per the guidelines of Bangladesh Bank.

“Most banks lack proper tools for monitoring. Their system architecture is old-fashioned. Also, they don’t conduct security audit regularly. This is why many banks are vulnerable to hacking,” he said.

To secure the banking system, he said, all the banks must have their systems under Security Operation Centre (SOC) so that the system can be placed under constant monitoring.

M Abul Kalam Azad, CEO of Backdoor Private Ltd said, all banks must conduct vulnerability assessments and penetration tests (VAPT) by a third party and deploy well-trained IT experts to oversee their systems.

Rezwanur Rahman, Senior Technical Lead at Microsoft, mentioned that Bangladesh Bank has directed the financial institutes only and the activities of application interface (API) instigators such as remains out of the directive.

“The hackers create different fishing links to attract users through social media and email to take control of the respective bank cards. The users have to aware of sharing one-time-password (OTP) during any kind of digital transaction,” he said.

Last Thursday, the Financial Institutions Department of the Finance Ministry sent a letter to the banks, informing that North Korean-based hacker group Beagle Boys was involved in stealing money from Bangladesh Bank's reserves in 2016. They can also withdraw money from ATM booths of different banks in Bangladesh and hack into the Swift network.

Mohammad Shams-Ul Islam, managing director and chief executive officer of state-owned Agrani Bank, said: "We have already taken necessary measures after the alert issued by the finance ministry."

Earlier in August, the Bangladesh Government's Computer Incident Response Team (CIRT) informed the central bank that a North Korean hacker group (Beagle Boys) is attempting to attack Bangladesh's banking systems.

Then Bangladesh Bank alerted banks about the risk of cyber hacking.

After the alert, most of the banks have restricted their automated teller machines (ATMs), cards and online transactions and strengthened their security measures.

Some banks have suspended their ATM booths transactions from 12:00 am to 6:00 am, EMV transactions from ATMs, BEFTN transactions and SWIFT transactions.

On February 5, 2016, unidentified hackers stole $101 million from Bangladesh Bank's account with the Federal Reserve Bank of New York using fake orders on the SWIFT payment system. It was one of the biggest cybercrimes in the world.