Cyber attack: A detrimental hurdle for ‘Smart Bangladesh’

 

While Bangladesh is on the move from ‘Digital Bangladesh’ to ‘Smart Bangladesh’ and pursuing the dream of becoming a developed country, we are being constant target of cyber attacks. Despite implementing several preventive precautions, the number of cyber attack incidences at various commercial and service-providing outlets in the nation is rising. In the age of digitization, the nation made good socioeconomic progress, and the frequency of cyber-related incidents is also increasing. Bangladesh is likely to experience more of these attacks in the near future. Hence, it is important that, we take significant steps to prepare our system to fight cyber attacks.

A cyber attack is a harmful and intentional attempt made by a person or organization to access another person’s or organization’s information system. Typically, the attacker wants to gain something from crashing the victim’s network. It also describes an act intended to manipulate, obliterate, or steal data from a computer or any component of a computerized information system, as well as to harm or exploit a network.

Following warnings from some hacker groups earlier this week, the Bangladeshi government has advised all public and private businesses to be on high alert for potential cyber attacks on August 15. The Computer Incident Response Team (BGD e-GOV CIRT) has urged all firms to take the necessary safeguards to protect their infrastructures after issuing a warning about potential interruption to IT operations and businesses. According to the report, cyber groups have been targeting businesses in Bangladesh and Pakistan.

The CIRT also discovered several groups that shared the same goalof carrying out periodic cyber attacks against Bangladeshi enterprises. The main assault methods used by the organization are Distributed Denial-of-Service (DDoS) attacks, website defacements, website compromises, and the use of malicious PHP shells as a backdoor to deliver payloads. Government and military organizations, law enforcement agencies, banks and non-bank financial institutions, pharmaceutical companies, retail and industrial businesses, as well as the energy and education sectors, are the top targeted organization types.

Just after the Bangladesh Bank reserve robbery incident, the government established the BGD e-Gov CIRT under the Bangladesh Computer Council (BCC). It was established to fight off any additional fatal intrusions. In 2016, hackers were able to steal US$81 million by taking advantage of loopholes in Bangladesh’s central bank’s security, maybe with the help of some of its staff. Hackers were also able to successfully steal $0.25 million from Sonali Bank of Bangladesh in 2013.

Recently, there have been a number of cyber attacks in Bangladesh. A hacking gang reported a cyber attack on the Payment Gateway in Bangladesh, as well as on law enforcement and banking institutions, on August 1. On July 3, a hacker gang claimed responsibility for a DDoS attack on Bangladeshi transportation service for 1 hour that rendered the website inaccessible for an hour. On June 27, a hacking gang vandalized the website of a government college in Bangladesh and distributed a web archive to back their claims. A hacker group vandalized a Bangladeshi health organization’s website on June 24 and uploaded a web archive to corroborate their claims. The group claimed a DDoS attack on the website of Bangladeshi military organizations on 21 June and the group claimed to compromise Bangladesh’s state-owned investment company, and infiltrated data of over 100,000 investors and investment applicants on 20 June.

The CIRT has asked all organizations in Bangladesh to take a number of precautions to ensure the security of their infrastructures, like; ensuring strict network and user activity monitoring, ensuring that no single server is overwhelmed during an attack, deploying a Web Application Firewall to analyze incoming HTTP/HTTPS traffic, ensuring vital services such as DNS, NTP as well as network middle-boxes are securely configured, validating all user input to prevent malicious code injection, performing regular backups of website’s content and database, enforcing HTTPS on website with SSL/TLS encryption, keeping all web server software, content management systems (CMS), plugins, and other software components up-to-date with the latest security patches etc.

The target of the hackers or attackers remains to either change or steal or destroy the data in a system for the outcome of harassment of the victim or financial gain of the attacker. If a proper data backup plan is in place, then the loss can be minimal in the case of changing or deletion of data by the hackers. But stealing the data, which is very common in today’s world, can put an individual or organization under serious financial or social threats. Hence, it becomes easier for the hacker to gain financially. In the face of the current reality, along with the developed countries, Bangladesh also needs to be more focused on cyber security.

Cybersecurity is the defense of computer systems and networks against intrusions by criminals that could lead to the loss or damage of hardware, software, and data, as well as the unlawful disclosure of personal information. Bangladesh is at risk because of a lack of knowledge about data protection and cyber security. It is necessary to raise awareness. In Bangladesh, a lot of businesses concentrate on developing security infrastructure, but they do not do routine maintenance on it. To combat the new generation of hackers, routine examinations and diagnostic procedures must be strengthened, which will necessitate extensive research.

All governmental tasks are currently being digitalized in Bangladesh. Both small and large businesses are accustomed to using technology. Cybercriminals are utilizing the change for their benefit. Therefore, we need to be more cautious and observant. Everyone must create their own cyber security policies and defenses.To combat cyberthreats, technological and legal advancement is required. Only swift correction and appropriate procedures will be able to fill the gaps in secure online operations.

Eyeing on the upcoming National Parliamentary Election, different groups may use cyber attacks to destabilize the country and especially to harass the government. Many of our critical establishments may come under such attacks. Such attacks can be the results of national, regional or global politics as different groups are trying to put substantial pressure on the government. As we have already experienced, number of cyber attacks has increased in the recent months and that may increase further before the next election. Hence, the government and information technology experts must take adequate precautions to face this challenge.

Cyber attacks can make us more vulnerable if our information is not secured and proper firewall is not maintained. We need to invest seriously in keeping proper backup of our data. It is unfortunate that, the websites in our country mostly uses the hosting from foreign countries and we have very low control over there. We need to build our own data centers to host our own data so that we can ensure protection with utmost importance. Adopting the newest technology to keep our data secure is a must as the technology is changing rapidly and our system can become obsolete within weeks. So, constant upgradation is a necessity considering the ever-alarming threats of cyber attacks. Moreover, we need to develop our softwares and anti-virus protection for better security and that will also require critical research in the field of information technology.

To cope up with the new generation hackers, there is no alternative to research in the field of cyber security. We have capable human resource in this area and must ensure proper research facilities for them. The public and private sector both should invest in this area for the sake of the country’s future. Moreover, we need to include cyber security in our curriculum to raise awareness among the youngsters. Additionally, public campaign is required to create awareness so that the individual users of internet learns to use cyber security tools for better protection and also become keen to invest in these tools as an integral part of using a computer.

Under the farsighted leadership of Prime Minister Sheikh Hasina, Bangladesh has started its journey towards ‘Smart Bangladesh’ as well as towards becoming a developed nation. Cyber attacks can appear as a serious barrier to reach our goal. Hence, the government and the relevant stakeholders must take serious steps to ensure cyber security in Bangladesh. By putting adequate emphasis on cyber security only, we can fasten our progress and can become a prominent IT hub.

The writer is Chief Editor at Mohammadi News Agency (MNA) and Editor at Kishore Bangla