Situational Awareness for Upcoming Durga Puja Holidays
Published on 30-Sep-2025 11:00:00
BGD e-GOV CIRT stands firm in its mission to secure the nation’s digital landscape. As the public holidays approach, we anticipate an elevated risk of cyberattacks, with attackers likely to exploit relaxed monitoring during the holidays. Our Cyber Threat Intelligence Unit has detected alarming malware activity, with 99,000 IP addresses infected last week alone. Key threats include Android malware variants, Trojans, and stealer malware.
In addition to ongoing malware activity, numerous systems remain highly vulnerable due to serious weaknesses, such as SSL misconfigurations and unprotected administrative interfaces, which affect 434,022 IP addresses. Unsecured passwords, outdated systems, and unpatched flaws, such as CVE-2023-48795, create openings for serious attacks, including ransomware, data theft, and system breaches.
To mitigate these threats, we call on all public and private sector organizations to strengthen their cybersecurity posture, especially during the holidays. Immediate actions include applying critical security patches, enforcing robust multi-factor authentication, and maintaining continuous, proactive monitoring.
To boost the cybersecurity resilience of infrastructure across Bangladesh, we strongly recommend that all organizations adopt the following enhanced measures:
- Maintain round-the-clock monitoring of systems, networks, and user activities.
- Deploy and regularly update advanced security tools like SIEM, WAF, and endpoint protection to counter attacks.
- Restrict remote access to encrypted VPNs with Multi-Factor Authentication (MFA).
- Block all traffic from untrusted or public networks.
- Keep software and servers current with updates, phase out unsupported applications, and promptly apply critical patches to address vulnerabilities.
- Maintain redundant backups and test recovery to ensure business continuity.
- Temporarily restrict non-essential access and disable unused or inactive accounts.
- Report any IOCs or suspicious activity to BGD e-GOV CIRT at cti@cirt.gov.bd or info@cirt.gov.bd.