While the digital landscapes are plagued with vulnerabilities, the recent coordinated cyber attack that targeted Bangladesh’s cyberspace brought to the fore the nation’s resolute response in the face of mounting threats.
Bangladesh faced a serious issue when a coordinated cyber attack targeted 25 major government and private institutes in an era where a country’s digital reputation may be destroyed with the hack of a single website. As information of the hack spread, concerns about the country’s cybersecurity readiness and capacity to protect sensitive data surfaced.
Even though the breach left scars, a closer look reveals that vigilance, collaboration, and prompt action prevented the situation from escalating into severe chaos.
You can also read: Potential Cyber Attack on 15th August: Bangladesh Bank Urges to Maintain 24/7 Strict Monitoring
Bangladesh’s government organizations and private institutions showed remarkable resiliency by thwarting a significant number of the breach attempts despite the challenges posed by a group of Indian hackers. This revealed a robust security framework that had managed to reduce the potential impact from a larger data compromise.
The inevitable threat and chilling reality with minimized data breaches
Bangladesh e-Government Computer Incident Response Team (BGD e-GOVT CIRT) issued a press release on 3 August stating that a group of hackers identifying themselves as ‘Hacktivist’ had issued a warning that Bangladesh’s cyberspace would be attacked on 15 August. The hackers stated they would target Bangladesh and Pakistan’s cyberspace. The hackers claimed themselves to be Indian.
Aware of the reputational and financial risks at stake, government entities and private institutions were on high alert in response to their outrageous threat.
In addition, a press release issued by the CIRT on August 7 stated that cyber-attacks could disrupt the operations of State Critical Information Infrastructure, banks, financial institutions, healthcare institutions, government and private institutions. All afflicted organizations were instructed to take preventative measures against minor or moderate cyber attacks.
As the day arrived, 25 crucial government and private institutions in Bangladesh were targeted by a coordinated attack. The Investment Corporation of Bangladesh, the Directorate General of Health Services, TechnoCorp, FinTrust Bank, Ivybrook University, Cityscape High School, Kids Haven Preschool, MediCare Hospitals, BioGen Labs, the Department of National Security, the Ministry of Finance, the Bangladesh Bank, the Land Ministry’s Land Tax Portal, various police units, and ticketing platforms were among the notable targets.
Despite the hackers’ ceaseless efforts, their intrusions were met with substantial resistance. Cyber71, the Bangladeshi cybersecurity organization, emerged as a formidable force, fighting tirelessly against the assaults. If the government had not been on high alert, the potential data loss would have been far more catastrophic, highlighting the critical need for proactive measures to protect its digital frontiers. While the hackers claimed to have acquired sensitive information, the scope of the intrusion was limited by the vigilant efforts of government agencies and private businesses.
What were the collaborative approaches?
Its unified approach exemplified Bangladesh’s determination to combat the cyber threat. The formation of specialized Cyber Security Teams or Computer Emergency Response Teams (CERTs) by both government agencies and private companies demonstrates a concerted effort to improve cybersecurity measures. The Directorate General of Health Services, the Election Commission, Ganahaban, and the Titus Gas Transmission and Distribution Company were among the organizations that proactively established these teams in an effort to deter potential cyber assailants.
ICT division’s approach:
ICT divisions held a meeting with 29 organizations known as ‘critical information infrastructure’ on 9 August to discuss the security of vital information infrastructures. Organizations highlighted shortages of qualified IT personnel and requested assistance from the ICT division. The department acknowledged the difficulty of undertaking exhaustive IT vulnerability audits and suggested private sector collaboration.
Bangladesh e-GOVT CIRT’s proactive guidance:
The Bangladesh e-GOVT CIRT played a crucial role by not only alerting the nation to the impending threat, but also providing concrete recommendations for countermeasures. They urged organizations to take preventative measures against potential cyberattacks. Recognizing the possibility of disruptions to State Critical Information Infrastructure, banks, financial institutions, healthcare, and other critical sectors, the CIRT’s proactive approach lay the groundwork for mitigating the breach’s effects.
The Bangladesh Bank’s preemptive directive:
The Bangladesh Bank issued an eleven-point directive to all banks and financial institutions in the nation. This directive outlined a comprehensive set of measures to be adhered to in order to anticipate and defend against prospective cyber attacks. To ensure data integrity, these measures included continuous monitoring of network infrastructure, even outside of business hours. Certain internet-based services were temporarily suspended for maintenance purposes, demonstrating the bank’s unwavering dedication to digital defense.
Lessons learned: The path forward
According to the ‘Bangladesh Cyber Threat Landscape Report-2022’ published by BGD E-Gov Cert, inadequate infrastructure is responsible for the vast majority (91.6 percent) of cyber attacks or attempted cyber attacks within the country. Organizations are encouraged to evaluate cyber security audits conducted by private entities with vigilance and caution to ensure a comprehensive and effective assessment. Moreover, DDoS (Distributed Denial of Service) attacks have already affected a large number of websites across the nation since the cyber attacks. In a DDoS attack, a website is rendered inaccessible by overwhelming traffic.
The history of cyber attacks serves as a clear signal that no nation is immune to cyber threats, regardless of its size or technological development. Bangladesh’s proactive response demonstrates that cybersecurity is not solely a technological challenge; rather, it is a collaborative endeavor between government agencies, private businesses, and cybersecurity experts.
However, the breach also revealed vulnerabilities and development opportunities, compelling organizations to invest in the improvement of their cybersecurity infrastructure. Earlier, ICT State Minister Junaid Ahmed Palak had emphasized the vulnerability of vital information infrastructures and the necessity of heightened vigilance to thwart potential threats. New institutions were added to the roster of significant information infrastructures, bringing the total to 34. In conclusion, the recent coordinated cyber attack highlighted the ever-present threat posed by cybercriminals. Government and private institutions of Bangladesh, united in purpose, demonstrated remarkable resilience by minimizing the breach’s severity. This incident demonstrates the importance of digital preparedness and the continuing need to defend the nation’s digital frontiers.