InfoSecBulletin Cybersecurity for mankind
A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The breach affects 110,856 users and includes sensitive information like Customer Number, Name, Email, Address, and Mobile Number.
The exposure of this data on the dark web poses several risks like:
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
CISA, FBI Warns
Hacker compromised multiple teleco network at US
Operational Disruption: Unauthorized access to internal systems may cause major problems, harming the city’s economy and public services.
Espionage and Surveillance: Electricity usage data can show habits of people or organizations, which could be used for spying or planning physical sabotage.
Targeted Disruptions: Attackers could interfere with billing or services, leading to outages in certain areas or disrupting power to essential facilities.
Identity Theft: Sensitive information could be stolen and used to harm customers financially and personally.
To enhance the security of Dhaka Electric Supply Company Limited’s (DESCO) IT systems, BCSI suggests a broader strategy than just standard vulnerability assessments that often use automated tools. Many VAPT companies rely heavily on automated scanners, which can overlook complex vulnerabilities and advanced threats. While these tools are helpful, they cannot substitute for the expertise of experienced cybersecurity professionals in identifying and addressing sophisticated attacks.
To protect, DESCO should take robust cybersecurity actions and to collaborate with cyber security experts who have practical experience in protecting critical infrastructures. By implementing a strong defense strategy that involves continuous network monitoring, incident response planning, threat intelligence sharing, and regular security audits, DESCO can significantly enhance their ability to withstand cyber threats.
Dhaka Electric Supply Company Limited (DESCO) plays a vital role in providing electricity to a large part of Dhaka, which is essential for the city’s economy and daily life. The customer data it holds, such as names, contact numbers, addresses, billing details, and electricity usage, is sensitive and important for managing services.
Prior to that, In june-2023 The official verified Facebook page of Dhaka Electric Supply Company Limited (DESCO) was hacked. At that time, while visiting the page it was seen that the hackers had written slogans of Bangabandhu’s age-old Dabaya, Parba Naa.
(to be continued)
