
Cyber attacks hit over 200 organizations including Bangladesh Bank, BTRC

SpaceMan18



  • Published at 05:58 pm April 2nd, 2021

File Photo: Silhouettes of laptop users are seen next to a screen projection of binary code in this picture illustration taken March 28, 2018. Reuters
Govt’s cyber threat report asks organizations to check vulnerability and take measures
A hacker group called ‘Hafnium’ has launched attacks on more than 200 organizations in Bangladesh, including Bangladesh Telecommunication Regulatory Commission (BTRC), Bangladesh Bank, commercial banks, and internet service providers.
BGD e-GOV CIRT, the e-Government Computer Incident Response Team, and Bangladesh Computer Council (BCC) informed about the attacks through a cyber threat report on Thursday night.
The report said the hacker group made the attacks last month.
“We were just trying to see global attacks but then through research we found that it has also attacked us. Later, we uploaded the recovery system on our website,” Tarique M Barkatullah, director, BCC and project director, BGD e-Gov CIRT, told Dhaka Tribune.
He said: “A malware is inserted through Microsoft Exchange Server. Although, no money has been stolen yet but information has been leaked which creates a fear of huge financial loss or stealing of money in future.”
However, companies can recover themselves from this attack by using the Hafnium exploit file, he added.
Hafnium
According to the Bangladesh Computer Council (BCC), the threat actor behind the malware is known as “Hafnium”. It is also observed that there are activities of several hacker groups that exploit vulnerabilities in Microsoft Exchange Server.
Hafnium is a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
However, an alert on this attack has also been given on the Microsoft website on Friday.
The alert said Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
In the attacks observed, the threat actor used these vulnerabilities to access on-premises exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to Hafnium.
The BGD e-GOV CIRT has asked a number of state-owned and private organizations to carry out scans of their mail servers to see if any malware had been injected into their system and to believe that they have been compromised if such malware was found.
Hafnium has carried out such attacks on around 100,000 companies across the globe.
Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
This group has overlaps in tactics and technique with other Chinese hacker groups. If we establish an exact match with another known group, we will supplement it with this profile, said BCC.
It also attacked Germany, Canada, France, Belgium, Italy, Hong Kong, South Korea, Turkey, United Arab Emirates and Israel etc.
Their targeted industries or sectors are banking and finance, government-local healthcare, law and law enforcement agencies, defense, heavy industries and engineering, aerospace, science-and-education: universities and colleges, energy & power and non-profit.
On March 15, Chile's bank regulator was compromised through ProxyLogon vulnerabilities in Microsoft Exchange Server, according to Comisión para el Mercado Financiero (CMF).
Measures to protect
Some Bangladeshi organizations running Microsoft Exchange Server have also been compromised by the cyber attacks, said BGD e-GOV CIRT in an advisory.
BGD e-GOV CIRT said all the organizations are requested to take measures such as running newly developed tools, Microsoft’s “Test-ProxyLogon.ps1 script” and Safety Scanner “MSERT”, to investigate whether their Microsoft Exchange Servers have been compromised.
Maintain up-to-date antivirus signatures and engines, keep operating system patches up-to-date, disable file and printer sharing services.
“If these services are required, use strong passwords or active directory authentication. Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required. Enforce a strong password policy and implement regular password changes,” said the advisory.
“Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known. Report or inform BGD e-GOV CIRT regarding any incident or issues to work in collaborated fashion through https://www.cirt.gov.bd/incident-reporting/,” it added.
 
.
This Hafnium threat is about three weeks old.

As usual, Bangladesh Computer Council and the local CERT entity have been sitting on their a$$ and not forthcoming with any patching directives.

Pathetic.
 
.
This is so far the best company in Indonesia to provide internet security for institutions, businesses, and government.


Privately owned company focusing on IT security

Noosc

We provide real and positive security.


At Noosc, we believe security must not impede progress and freedom. Instead, just as a physical health exam report gives you the confidence to try new sports and exercises, our managed services will help you take more calculated risks based on informed decisions, in order to maximize the use of technology for your business.

Noosc | Managed Security Services | Home

www.noosc.co.id


Noosc is not your typical Indonesian security services company. Operational security is all we focus on — and that makes us exceptionally good.

Our team of experts has gained a myriad of loyal clients, including major national and multinational companies, banks and financial institutions, telecommunication companies, security-sensitive government agencies, resource-strapped non-governmental agencies, retail companies, and many more.

Started in 2010, through strategic partnership we have now become a preferred managed security services provider in Indonesia serving several of the largest financial and service institutions in the country.

Some of our key advantages:

  • Dedicated 24x7 Security Operation Centre with disaster recovery protection
  • Expert professionals, verifiable international credentials & records
  • Best-practice, service-level driven delivery process (ISO27001 compliant)
  • Active R&D investment covering new emerging security threats & technologies




Noosc | Managed Security Services | About Us

www.noosc.co.id

------------------------------------------------------------------------------------

Jim Geovedi is the brain of the company





Jim Geovedi (born 28 June 1979), is an IT security expert from Indonesia who focuses on the discovery of computer and network security vulnerabilities. BBC News described him as a guy who "doesn't look like a Bond villain... but possesses secrets that some of them might kill for".[1]


Career

Information security

Geovedi co-founded and ran several IT security consulting companies. In 2001, he co-founded C2PRO Consulting, providing general IT consulting mostly for government agencies and, in 2004, co-founded Bellua Asia Pacific (renamed Xynexis International later in 2010) and Noosc Global, a managed security services company. He was part of a hacker group that began in 1996 called w00w00, where he met the future co-founder of Bellua, Anthony Zboralski.

He is currently based in London and has been interviewed on issues including: satellite security system,[1][2][3] banking security[4] and law enforcement.[5][6]

Jim Geovedi - Wikipedia
 
.
