• Friday, Feb 26, 2021
  • Last Update : 03:32 pm

Hackers smash into Beximco Group’s IT infrastructure

  • Published at 12:05 am January 21st, 2021
Beximco cyber attack

ALTDOS operates mainly in the ASEAN region and has been involved in cyberattacks in stock exchanges and financial institutes in different countries

Beximco, one of the leading business groups of Bangladesh, has become a victim of a cyberattack by a band of hackers who go by the name of ALTDOS, according to DataBreaches.net.

ALTDOS operates mainly in the ASEAN region and has been involved in cyber attacks in stock exchanges and financial institutes in different countries, including Thailand, Bangladesh, Philippines and Malaysia.

“In total, ALTDOS has stolen hundreds of gigabytes of files, source coding and databases from 34 of Beximco websites, including its telecom subsidy—BOL-ONLINE.COM,” a spokesperson of the hacker group was quoted by DataBreachs.com that released a story on the hacking on Tuesday.  

As proof, the group provided two samples of data and screencaps. 

Earlier on January 10, the central bank issued an emergency cyber alert to its staff and officials after malware was detected in its server, which resulted in internet connection being cut off in the Bangladesh Bank headquarters for a week.

The $101 million cyber heist from the BB’s account with the Federal Reserve Bank of New York in February 2016, also happened because of a malware in the central bank’s Swift-RTGS system, which gave the band of hackers an entry into the central bank’s server.

But none of the data stolen by ALTDOS appeared super-sensitive although one of the files contained employee attendance information from September 24, 2018 to May 2019.

The stolen data include 56,000 payment records. However, there was nothing in there that would be problematic. 

The other information stolen are names, departments, emails, IDs and attendance of 65,000. 

There is no evidence that the hackers obtained any corporate IP, trade secrets or confidential communications from any of the conglomerate’s divisions.

Mohammad Asad Ullah, executive director and company secretary of Beximco Group, denied the incident of data breach altogether.

“Our website is OK,” he told Dhaka Tribune on Wednesday.

When alerted of the report on DataBreaches.net, he said: “The IT department is looking into the matter. Details can be told later.”

"On 12th January 2021 midnight, a security breach was detected in a public domain content server, which hosts some of the company websites of Beximco Group. Within 20 minutes following the incident, the server’s control was regained from the attackers and within the next five hours the contents were restored and the websites were back online," the company said in a statement on Friday,

The impacted server is not connected with any of Beximco Group's internal networks, it added.

Backdoor Private, a cybersecurity firm, has done quick research on the hacking incident and found various websites of Beximco are weak and outdated, which resulted in the hacking.

“Malware is still existing in its internal network, meaning more sensitive data can be breached. Immediate measures should be taken to remove the malware from the system,” Tanvir Hassan Zoha, managing director of Backdoor, told Dhaka Tribune.

He suggested for necessary actions to build real-time monitoring to protect its system from future compromise. 

“This incident should be investigated properly to know how it happened,” he added.

According to Digital Security Act 2018, victims of hacking should seek legal action about the incident so that it is properly investigated and the culprits are detected and punished. 

Unfortunately, in Bangladesh incidents of hackings or cyberattacks are hardly reported.

The hacking in Beximco is a clear signal to various government and private institutions whose sites and systems are not secured. 

Often, the BB issues alerts about potential cyberattacks. Last year, several banks suspended transactions through ATM booths to prevent cyberattacks.

Cybersecurity experts say everybody, including banks and financial institutions, should follow the digital security policy given by the government. 

They should establish incident response teams with proper digital forensic tools and trained human resources according to ISO compliances to make their systems hygiene. 

The Digital Security Policy 2020 states that an organisation handling public-sensitive information have to establish a forensic lab having the standard of ISO/IEC/BDS 17025, ISO/IEC/BDS 15489, ISO/IEC/BDS 27037, ISO/IEC/BDS 27041, ISO/IEC/BDS 27042, ISO/IEC/BDS 27043, ISO/IEC/BDS 27050.

Nowadays, many corporate houses are using cloud computing for faster data connectivity but they cannot allow the transfer of data to the cloud of other countries without the permission of Digital Security Agency. 

Many Bangladeshi companies do not follow the procedure, which cybersecurity analysts think may cause a data breach.

196
Facebook 182
blogger sharing button blogger
buffer sharing button buffer
diaspora sharing button diaspora
digg sharing button digg
douban sharing button douban
email sharing button email
evernote sharing button evernote
flipboard sharing button flipboard
pocket sharing button getpocket
github sharing button github
gmail sharing button gmail
googlebookmarks sharing button googlebookmarks
hackernews sharing button hackernews
instapaper sharing button instapaper
line sharing button line
linkedin sharing button linkedin
livejournal sharing button livejournal
mailru sharing button mailru
medium sharing button medium
meneame sharing button meneame
messenger sharing button messenger
odnoklassniki sharing button odnoklassniki
pinterest sharing button pinterest
print sharing button print
qzone sharing button qzone
reddit sharing button reddit
refind sharing button refind
renren sharing button renren
skype sharing button skype
snapchat sharing button snapchat
surfingbird sharing button surfingbird
telegram sharing button telegram
tumblr sharing button tumblr
twitter sharing button twitter
vk sharing button vk
wechat sharing button wechat
weibo sharing button weibo
whatsapp sharing button whatsapp
wordpress sharing button wordpress
xing sharing button xing
yahoomail sharing button yahoomail