InfoSecBulletin Cybersecurity for mankind
Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence (BCSI)’s observation, some banks customers are victim to unauthorized transaction through Facebook ad manager.
In this situation, Bangladesh Bank notifies the banks to take precautionary action to secure the account as well as advise to the followings:
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
i. Information Sharing: Notify to Bangladesh Bank in case of any potential data breach or ransomware
attack immediately. Send information about detailed account of any related incidents, including the
scope, affected data, and any steps taken to address the issue.
ii. Enhanced Verification: Use enhanced security methods, such as biometric authentication and required
CVV verification for each transaction.
iii. Use of OTP: Use One Time Password (OTP) for each transaction.
iv. Use of2FA/MFA: Use 2FA/MFA for any financial transaction.
v. Limit Number of Attempts: Determine how many times a card number can fail verification before
being blocked or blacklisted.
vi. Advanced Fraud Detection Systems: Use Al and machine learning (if possible) to detect unusual
trends in Bank Identification Number (BIN) attacks.
vii. Monitor Transaction Patterns: Regularly examine transaction patterns for irregularities that could
indicate a BIN attack, such as an unexpectedly high number of denied transactions.
viii. Secure BIN Sharing: Limit the amount of BIN data exchanged with merchants and keep it safe to avoid unauthorized access.
ix. Aware of false QR Code: Aware customer and banks employees of false QR Code (e.g. Qshing Attacks).
x. Educate Merchants: Give merchants training and tools on how to detect and respond to potential BIN attacks.
xi. Internal Assessment: Conduct an immediate internal vulnerability and compromise assessment within
your Bank to ensure the security of your systems and data. Indentify any vulnerabilities or potential areas of concern that that may make you susceptible to ransomware attacks.
xii. Cyber Security Measures: Review and reinforce your existing cyber security measures, including firewalls, intrusion detection systems, intrusion prevention systems, and access controls. Ensure they are up to date and capable of withstanding evolving cyber threats. Ensure robust security measures in place to protect your sensitive data and to have plan in place to address a potential data breach or ransomware attack.
xiii. Security Awareness: Conduct regular security awareness training for your employees to educate then on identifying and mitigating potential cyber security threats, such as phishing emails or suspicious attachments.
xiv. Incident Response Planning: Enhance your incident response plan to include specific steps for responding to data breaches and ransomware attacks. Ensure protocols are in place for isolating affected systems, engaging with relevant authorities, and communicating with stakeholders.
xv. Patches Update: Install Patches and Update Software and systems regularly. Ensure Security of website and web based systems, ensure the security of all workstations and endpoints of your bank
xvi. Monitoring by 24/7: Ensure strict network and user activity monitoring by 24/7, especially during non- office hours, and watch out for any indication of data exfiltration.
xvii. Collaboration: Establish a collaborative approach among the relevant organizations, cyber security
experts, and authorities to share information, best practices, and resources in addressing potential threats.
Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts
