InfoSecBulletin Cybersecurity for mankind
Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence (BCSI)’s observation, some banks customers are victim to unauthorized transaction through Facebook ad manager.
In this situation, Bangladesh Bank notifies the banks to take precautionary action to secure the account as well as advise to the followings:
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
i. Information Sharing: Notify to Bangladesh Bank in case of any potential data breach or ransomware
attack immediately. Send information about detailed account of any related incidents, including the
scope, affected data, and any steps taken to address the issue.
ii. Enhanced Verification: Use enhanced security methods, such as biometric authentication and required
CVV verification for each transaction.
iii. Use of OTP: Use One Time Password (OTP) for each transaction.
iv. Use of2FA/MFA: Use 2FA/MFA for any financial transaction.
v. Limit Number of Attempts: Determine how many times a card number can fail verification before
being blocked or blacklisted.
vi. Advanced Fraud Detection Systems: Use Al and machine learning (if possible) to detect unusual
trends in Bank Identification Number (BIN) attacks.
vii. Monitor Transaction Patterns: Regularly examine transaction patterns for irregularities that could
indicate a BIN attack, such as an unexpectedly high number of denied transactions.
viii. Secure BIN Sharing: Limit the amount of BIN data exchanged with merchants and keep it safe to avoid unauthorized access.
ix. Aware of false QR Code: Aware customer and banks employees of false QR Code (e.g. Qshing Attacks).
x. Educate Merchants: Give merchants training and tools on how to detect and respond to potential BIN attacks.
xi. Internal Assessment: Conduct an immediate internal vulnerability and compromise assessment within
your Bank to ensure the security of your systems and data. Indentify any vulnerabilities or potential areas of concern that that may make you susceptible to ransomware attacks.
xii. Cyber Security Measures: Review and reinforce your existing cyber security measures, including firewalls, intrusion detection systems, intrusion prevention systems, and access controls. Ensure they are up to date and capable of withstanding evolving cyber threats. Ensure robust security measures in place to protect your sensitive data and to have plan in place to address a potential data breach or ransomware attack.
xiii. Security Awareness: Conduct regular security awareness training for your employees to educate then on identifying and mitigating potential cyber security threats, such as phishing emails or suspicious attachments.
xiv. Incident Response Planning: Enhance your incident response plan to include specific steps for responding to data breaches and ransomware attacks. Ensure protocols are in place for isolating affected systems, engaging with relevant authorities, and communicating with stakeholders.
xv. Patches Update: Install Patches and Update Software and systems regularly. Ensure Security of website and web based systems, ensure the security of all workstations and endpoints of your bank
xvi. Monitoring by 24/7: Ensure strict network and user activity monitoring by 24/7, especially during non- office hours, and watch out for any indication of data exfiltration.
xvii. Collaboration: Establish a collaborative approach among the relevant organizations, cyber security
experts, and authorities to share information, best practices, and resources in addressing potential threats.
Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts
