SITUATIONAL ALERT ON RECENT CYBER THREATS

Published on 13-Jun-2024 12:30:00

The Bangladesh Government's Computer Incident Response Team (BGD e-GOV CIRT) emphasizes the need for enhanced cybersecurity measures across various sectors to protect critical information infrastructures (CII), banks, financial institutions, healthcare facilities, and both government and private organizations from potential cyber threats. In 2024, a notable industrial and financial sector in Bangladesh reported being targeted by ransomware. Additionally, a rise in web defacement and exploitation of web application vulnerabilities in Bangladesh poses significant threats, often resulting in data breaches and the exfiltration of personally identifiable information (PII). These vulnerabilities can be leveraged for phishing, malware distribution, and establishing persistent backdoors, severely compromising the integrity and security of affected systems. Therefore, BGD e-GOV CIRT urges all organizations to enhance cybersecurity protocols, implement necessary patches, maintain vigilance against suspicious activities, and educate staff on cybersecurity best practices to mitigate risks and ensure the security of IT operations during the holiday season.

Top targeted organization type

i. Government & Law Enforcement Agencies (LEA)

ii. Banking and Non-Bank Financial Institutions (NBFI)

iii. Industrial Organizations

iv. Education Sector

Top detected attack types

i. Phishing: Notable sophisticated phishing campaigns have targeted Government & LEA sectors.

ii. Ransomware: Significant incidents were reported in 2024 affecting industrial and financial organizations.

iii. Web Defacements: There has been a surge in attacks exploiting vulnerabilities in web applications.

iv. Exploited Exposed Vulnerabilities: Significant increase of exploited vulnerabilities leading to widespread attacks.

v. DDoS: Despite a decline in intensity compared to previous years, DDoS attacks remain prevalent.

vi. Credential theft: Info stealers are on the rise in Bangladesh cyberspace, with stealers such as Redline and Azorult being the most prevalent.

Top Threat Actors

i. South Asian based hacktivists

ii. APT Threat Actors such as ‘SideWinder’

iii. Prolific ransomware gangs

iv. Script kiddies specializing in credential harvesting

Recommended Guidelines

All government, LEAs and financial organizations in Bangladesh are requested to follow the measures below to ensure the security of their infrastructure:

  1. Maintain 24/7 network and user activity monitoring, especially during non-office hours, to detect signs of data exfiltration, unusual patterns indicating lateral movement, or command and control activities.
  2. Ensure all internet-facing applications and services are correctly configured and regularly patched to reduce the attack surface and limit potential exploitation by attackers.
  3. Securely configure essential services like DNS, NTP, and network middleboxes such as firewalls to prevent exposure to the internet.
  4. Educate users on best practices for password policies and discourage the use of corporate emails on external platforms to mitigate security risks.
  5. Provide comprehensive Information and Cyber Security awareness training to all employees, customers, and consumers to encourage reporting of anomalies or suspicious activities.
  6. Conduct regular Vulnerability Assessment and Penetration Testing (VAPT) across all systems to identify and address potential security weaknesses.
  7. Implement need-to-know access controls to minimize the attack surface and enhance overall security posture.
  8. Strengthen your organization's ability to combat evolving cyber threats through continuous improvement of cybersecurity capabilities.
  9. Promptly report any detected Indicators of Compromise (IOCs) or suspicious activities to BGD e-GOV CIRT for collaborative response via email at info@cirt.gov.bd.