Poor cyber security puts banks in Bangladesh at peril

The banking sector in Bangladesh is at risk amid increasing incidents of cyber threats and hacking attempts, as most banks operating in the country do not have the resources and strategies to deal with them and lack skilled manpower and the monitoring system needed to prevent such attacks. Cyber security is now a major area of concern for the banking industry, with repeated hacking attempts, phishing attacks, malware attacks, OTP bypassing, and exposure of banking-related data to dark websites.

Syed Mahbubur Rahman, managing director and chief executive officer of Mutual Trust Bank Limited, said that the cyber security vulnerabilities in Bangladesh’s banking sector are similar to those in other countries. He insisted that due to lower investments in technology, banks in Bangladesh were at a higher risk of cyber-attacks. As the former chairman of the Association of Bankers, Bangladesh, Mahbubur suggested that banks continue investing in technology and upgrading their systems to adapt to evolving hacking patterns.

He emphasized the importance of proactive system modifications rather than waiting for attacks to occur. According to a study in 2022 by the threat intelligence unit of the Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT), almost all banks have been running one or more vulnerable services and weak authentication systems, which may lead to potential cyber-attacks. The study found that financial services were at 300 times higher risk of being the victim of cyber-attacks than other organizations.

After the $81 million reserve heist from the Bangladesh Bank account to the Federal Reserve Bank in the United States in 2016, there have been many discussions about ensuring cyber security in the banking sector. The sector, however, has hardly made desirable progress in securing the system, said cyber security firm Backdoor Private Limited managing director and cyber security researcher Tanvir Hassan Zoha.

Installing the Security Operation Centre was one of the key instructions from Bangladesh Bank to secure the banking sector, as hackers were out to steal money by using malware and ransomware. Most of the banks, however, have yet to install the SOC in compliance with the central bank’s instructions, resulting in an increase in incidents of cyber-attacks, said Tanvir.

He said that phishing attacks, OTP bypassing to collect banks’ data and users’ banking card details, and ransomware attacks are among the most common practices.BGD-e-GOV CIRT data showed that the banking sector has been facing an increasing number of cyber-attacks. Bangladesh Bank and other financial institutions faced 31 cyber threat alerts in 2021, while the number increased to 46 the following year.

Amid cyber attack threats recently, Bangladesh Bank shut down some web-based services of the central bank from 8:00 pm on August 14 to 8:00 am on August 16. In 2019, three local private banks in Bangladesh suffered major cyber-attacks where hackers stole up to $3 million from cash machines in Cyprus, Russia, and Ukraine using cloned credit cards, according to BGD e-GOV CIRT’s report titled Bangladesh Cyber Threat Landscape-2022.

The government agency’s cyber surveillance in 2022 discovered 3,639 bank cards on the dark web issued by different Bangladeshi banks. In addition, BGD e-GOV CIRT identified vulnerabilities in bank infrastructure. Financial institutions in Bangladesh may lose up to $4,36,68,000 if these cards are found on the dark web. An official of the Criminal Investigation Department involved in the investigation process of the Bangladesh Bank reserve heist told New Age that there had been many incidents of cyber-attacks in banks, but the authorities suppressed those incidents in fear of reputational damage.

The CID officer said that the banking authorities surprisingly don’t show enthusiasm for investing in strong cyber security measures and hiring highly skilled manpower. The banks don’t have forensic labs. So, identifying the sources and nature of the cyber-attacks remains difficult, the CID officer said. ‘A huge number of malware and phasing links illegally entered the network systems of various banks in our country. If we cannot identify and pull out the malware on time, it may cause disaster,’ he warned.

Police investigators said that due to a poor security system, inside actors also get involved at times to manipulate the system and swindle money. In late January 2022, 10 persons, including Zakir Hossain, the then SME sales team manager at Dutch-Bangla Bank’s Karwan Bazar branch, were arrested allegedly for attempting to transfer Tk 6 crore from the account of a director of Walton with the bank to another account by forging signatures and information through the electronic funds transfer system.

Bank card hacking remains another major concern for digital financial security, as such forgeries have become more widespread. Dhaka Metropolitan Police Detective Branch deputy commissioner for cyber and special crimes, Tarek Ahmed, told New Age that there had been an increasing number of complaints about financial crimes, including scams and swindling with Mobile Financial Services and bank card forgery. He said that hackers manipulate cards through phishing attacks and put those on dark websites, and sometimes bank officials also get involved in card forgery by taking the OTP password.

BGD-e-GOV CIRT media official Sukanta Chakraborty told New Age that bank cards get hacked at both the user and bank ends. ‘During our cyber surveillance and monitoring, we detected many card details on dark websites and immediately informed the relevant banks to take action,’ said Sukanta.

Cyber security researcher Tanvir said that the Payment Card Industry Data Security Standard (PCI DSS) was required to avoid bank card hacking, but Bangladeshi banks had yet to introduce the security system. Due to the fear of cyber hacking, Tanvir said most banks are restricting their cards and strengthening their security measures. But most of these banks have no idea what the actual risk is.

BGD e-GOV CIRT officials said that during regular surveillance, they found core banking systems and internet banking gateways accessible through the internet, which exposes the total deposits of these financial institutions to hacking.

According to a study conducted in 2022 by the Bangladesh Institute of Bank Management, 52 percent of banks in the country are at high cyber security risk.The risk of cyber hacking increases mainly due to a shortage of investment in strengthening security measures and a lack of skilled human resources, said Md Mahbubur Rahman Alam, an associate professor at BIBM who was involved in the research.

Mahbubur told New Age that over the years, many recommendations were made to the authorities of different banks, but most recommendations remained unimplemented. He said that most of the banks have yet to install a SOC or forensic lab. A few banks have installed those security measures but on a small scale. ‘The banking sector does not get enough skilled human resources from universities with high knowledge of cyber security. There are some skilled manpower, but banks cannot keep them in service for long as they go abroad or switch jobs with better facilities,’ said Mahbubur.

The banks also don’t feel interested in investing a large amount in cyber security, and they don’t feel pressure until the central bank exerts force on them, he said.

Bangladesh Bank spokesperson and executive director Md Mezbaul Haque told New Age that banks had been instructed to establish technological infrastructure in line with the ICT guidelines.

By diligently adhering to these guidelines, banks have the potential to significantly reduce cyber threats, he stated.

He, however, said that no one could guarantee that cyber-attacks would never occur.

He explained that the capacity of technological infrastructure varied from one bank to another, depending on their financial capabilities and business operations.

Furthermore, banks were told to develop their infrastructure while taking into account their operational patterns and risk factors, he said.

He said that Bangladesh Bank was continuously monitoring potential cyber-attacks on banking systems and providing advice to banks on the matter.

Currently, there are 61 scheduled banks operating in the country, with 50 being commercial banks, two specialized banks, and nine foreign banks.

Image by: Pexels

Shopping Cart

Media Kit

    Data Protection

    Personal Data (“Data”) submitted for Media Kit (“Media Kit”), and/or collected in the form of first name, last name, email address and other contact details may be used for the purposes of inviting you to future events and for reaching out to you with content which may be of interest to you. For these purposes, The Digital Banker will share the Data with our associate companies (including event and content sponsors) to promote their products and services. You will also be automatically subscribed as a user on www.thedigitalbanker.com. If you would like to opt-out, email us at [email protected].

    By clicking Submit, you acknowledge that you consent/ have sufficient informed consent to the collection, use and disclosure of Data as set out above.

    The Digital Banker Summit

    Moving on from FTX: is 2023 the year of CBDCs?

    Indonesia, Jakarta

    Thailand, Bangkok

    Philippines, Manila

    Contact Us

      Data Protection

      The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

      Request Nomination Pack

        Data Protection

        The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

        Registration Form

          Data Protection

          The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

          Registration Form

            Data Protection

            The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

            Registration Form

              Data Protection

              The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

              Registration Form

                Data Protection

                The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

                Registration Form

                  Data Protection

                  The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

                  The world’s preeminent Private Banks and Wealth Managers are demonstrating a committed drive in innovation, advisory, new products and services to meet the sophisticated needs of their clients.

                  COVID-19
                  Amid economic activity revival on the back of the Covid-19 vaccine program, organisations moving from business continuity plans to stable working environments, together with the slightest improvement in unemployment numbers, forced the world to adjust to new realities. Coming to terms with the “new normal”, global investors are now on the look-out for attractive and stable investment opportunities.

                  Needs of Private Wealth customers and families worldwide have drastically changed due to the pandemic and banks have had to accelerate efforts to deploy a multi-channel service strategy and safeguard clients’ businesses and wealth against negative impacts of economic uncertainly.

                  The Global Private Banking Innovation Awards will recognise the world’s best private banks, wealth managers and asset managers that are championing innovation across advisory, service, products, customer experience and more.

                  Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. 

                  Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

                  Request Nomination Pack

                  Error: Contact form not found.