After the shocking $101 million cyber heist from its account with the Federal Reserve Bank of New York in February 2016, one would have assumed that the Bangladesh Bank would be running a tight ship as far as IT infrastructure is concerned.
Turns out, that is not the case.
On Sunday, the central bank issued an emergency cyber alert to its staff and officials after malware was detected in its server.
The reserve heist too happened because of a malware in the BB’s Swift-RTGS system, which gave the band of hackers an entry into the central bank’s server.
“Internet services have been temporarily withdrawn from the workstations for ordinary users owing to cybersecurity,” said an internal notice at the BB headquarters in the capital’s Motijheel on January 10.
And they are yet to get back the connection on their workstations, half a dozen BB officials confirmed to Dhaka Tribune yesterday.
If the internet is required for official purpose, the employees have been asked to place a request to the ICT Infrastructure Maintenance and Management Department with the approval of the appropriate authority, as per the notice.
Some malicious programme has detected in our server when the new antivirus software was installed, Muhammad Zakir Hasan, executive director of the BB’s ICT Infrastructure Maintenance and Management Department told Dhaka Tribune.
“As a precautionary measure, we suspended the internet service in the central bank,” he added.
However, the internet service is available in case of special services, he said, adding that the suspension is not hampering the BB’s work.
From next week, the internet will be back on for all users, Hasan added.
“Malware is a serious malicious virus. If it is detected in any organisation, hackers can see sensitive information,” said Tanvir Hassan Zoha, founder and managing director of Backdooor, a cybersecurity company.
A huge number of polluted malware has found its way into the network systems of many institutions in Bangladesh, including banks.
“If the malware is not snuffed out, a terrible digital disaster is about to strike in the coming days.”
Most banks have no security operation centre (SOC) to prevent cyberattacks, according to Zoha.
About 50 per cent of the banks in Bangladesh are at a high risk of a cyberattack, said a research paper of the Bangladesh Institute of Bank Management.
A lack of trained manpower and quick incident response are also the major reasons for cyberattacks, according to Zoha, also an assistant professor at the Bangladesh University of Business and Technology.
Banks in Bangladesh should emphasise on IT security as digital banking has been growing fast amid the ongoing pandemic, he added.
The central bank is in the process of building up a SOC, said Debdulal Roy, executive director of the BB’s Information Systems Development and Support Department.
“But only SOC is not adequate in preventing cyberattacks.”
About 80 per cent of cybersecurity is dependent on skilled and trained manpower, Roy said.
“Beefing up IT security is a constant process as new malicious viruses are coming up every day,” he added.
