InfoSecBulletin Cybersecurity for mankind
A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The breach affects 110,856 users and includes sensitive information like Customer Number, Name, Email, Address, and Mobile Number.
The exposure of this data on the dark web poses several risks like:
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
Operational Disruption: Unauthorized access to internal systems may cause major problems, harming the city’s economy and public services.
Espionage and Surveillance: Electricity usage data can show habits of people or organizations, which could be used for spying or planning physical sabotage.
Targeted Disruptions: Attackers could interfere with billing or services, leading to outages in certain areas or disrupting power to essential facilities.
Identity Theft: Sensitive information could be stolen and used to harm customers financially and personally.
To enhance the security of Dhaka Electric Supply Company Limited’s (DESCO) IT systems, BCSI suggests a broader strategy than just standard vulnerability assessments that often use automated tools. Many VAPT companies rely heavily on automated scanners, which can overlook complex vulnerabilities and advanced threats. While these tools are helpful, they cannot substitute for the expertise of experienced cybersecurity professionals in identifying and addressing sophisticated attacks.
To protect, DESCO should take robust cybersecurity actions and to collaborate with cyber security experts who have practical experience in protecting critical infrastructures. By implementing a strong defense strategy that involves continuous network monitoring, incident response planning, threat intelligence sharing, and regular security audits, DESCO can significantly enhance their ability to withstand cyber threats.
Dhaka Electric Supply Company Limited (DESCO) plays a vital role in providing electricity to a large part of Dhaka, which is essential for the city’s economy and daily life. The customer data it holds, such as names, contact numbers, addresses, billing details, and electricity usage, is sensitive and important for managing services.
Prior to that, In june-2023 The official verified Facebook page of Dhaka Electric Supply Company Limited (DESCO) was hacked. At that time, while visiting the page it was seen that the hackers had written slogans of Bangabandhu’s age-old Dabaya, Parba Naa.
(to be continued)
