Ransomware Attack on Service Providers of Financial Institutions
TLP: CLEAR
Distribution: Public
Type of Threat: Ransomware
Date: 01 August 2024
Executive Summary
The BGD e-GOV CIRT team has observed a significant increase in global cyber-attacks targeting service providers that exclusively serve financial institutions. A recent ransomware attack on a technology service provider has led to the temporary shutdown of payment systems across nearly 300 financial institutions in a neighboring country. This alarming trend highlights the critical need for enhanced cybersecurity measures.
Targeted Sectors:
Banking and Non-Banking Financial Institutions of Bangladesh
Corresponding Service Providers to Financial Institutions
Actions Required:
To mitigate the risk of potential cyber-attacks, BGD e-GOV CIRT recommends the following measures:
1. Update and Patch Systems: Ensure all systems, applications, and devices are up to date with the latest security patches.
2. Enhance Network Security: Implement robust firewalls and intrusion detection/prevention systems (IDS/IPS) and monitor network traffic for unusual activities.
3. Backup Critical Data: Maintain regular, secure backups of critical data. Store backups offline in a separate, secure location, verify their integrity and availability, and regularly test backup restoration procedures.
4. Employee Awareness and Training: Conduct regular cybersecurity awareness training for employees. Educate staff on recognizing phishing attempts and other social engineering tactics.
5. Collaboration and Information Sharing: Collaborate with industry peers and cybersecurity organizations. Share threat intelligence and stay informed about the latest cyber threats.
6. Access Control Policies: Define clear access control policies specifying what resources, systems, and data third-party employees can access. Use role-based access control (RBAC) to assign permissions based on specific job responsibilities, and isolate third-party access to the specific segments or VLANs required for their tasks.
7. VPN and Remote Access Policies: Implement a Virtual Private Network (VPN) for third-party employees requiring remote access, and enforce MFA for access to sensitive systems and data.
8. Device Management: Enforce policies for devices used by third-party employees, including up-to-date security software and endpoint protection, and ensure compliance with the organization's security standards.
9. Temporary Credentials: Issue temporary credentials to third-party employees with limited validity periods. Regularly review and renew these credentials based on the duration of their engagement.
10. Monitoring and Auditing: Implement monitoring and auditing mechanisms to track the activities of third-party employees on the network. Log access attempts, configuration changes, and any suspicious behavior.
11. Contractual Agreements: Clearly define security requirements in contractual agreements with third-party vendors. Specify the security measures they must adhere to and the consequences of non-compliance.
12. Third-Party Incident Response Plan: Develop and communicate an incident response plan to be followed in the event of a security incident or breach at a third party, and ensure awareness of reporting procedures.
13. Report Incidents: Report any cyber incident or suspicious activity within your infrastructure to BGD e-GOV CIRT by e-mail at: [email protected]
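Items 9 and 10 above describe a concrete control pair: vendor credentials that expire with the engagement, and an audit trail of every access decision. The following is an added illustration written for this advisory, not code from BGD e-GOV CIRT; the 30-day ceiling, the role names and the vendor account are assumed values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
# Added example (not from the advisory): vendor credentials whose validity window is tied
# to the engagement (item 9), checked on every access and written to an audit trail (item 10).
MAX_VALIDITY_DAYS = 30  # assumed policy ceiling on any single issuance

@dataclass
class VendorCredential:
    vendor: str
    user: str
    roles: frozenset        # RBAC roles granted for this engagement (item 6)
    expires_at: datetime
    revoked: bool = False

@dataclass
class VendorAccessGateway:
    audit_log: list = field(default_factory=list)

    def _log(self, when, user, action, outcome):
        self.audit_log.append(f"{when.isoformat()} user={user} action={action} outcome={outcome}")

    def issue(self, vendor, user, roles, engagement_days, now):
        # Validity never outlives the engagement and never exceeds the policy ceiling.
        expires = now + timedelta(days=min(engagement_days, MAX_VALIDITY_DAYS))
        self._log(now, user, "issue", f"expires={expires.date()}")
        return VendorCredential(vendor, user, frozenset(roles), expires)

    def authorize(self, cred, resource, role_required, now):
        # Every access attempt, allowed or denied, is logged for later review.
        if cred.revoked:
            outcome = "deny:revoked"
        elif now >= cred.expires_at:
            outcome = "deny:expired"
        elif role_required not in cred.roles:
            outcome = "deny:role"
        else:
            outcome = "allow"
        self._log(now, cred.user, f"access:{resource}", outcome)
        return outcome == "allow"

def scenario():
    # Constructed walk-through: a 10-day engagement used on day 5 and again on day 12.
    gw, t0 = VendorAccessGateway(), datetime(2024, 8, 1)
    cred = gw.issue("ExampleVendor", "vendor.user", {"switch-ops"}, 10, t0)
    day5 = gw.authorize(cred, "core-switch", "switch-ops", t0 + timedelta(days=5))
    wrong_role = gw.authorize(cred, "core-banking-db", "dba", t0 + timedelta(days=5))
    day12 = gw.authorize(cred, "core-switch", "switch-ops", t0 + timedelta(days=12))
    denied = [line for line in gw.audit_log if "outcome=deny" in line]
    return day5, wrong_role, day12, len(denied)
```

The denied entries in the audit log are the feed for the monitoring step: repeated attempts on an expired or wrongly scoped vendor credential are exactly the activity item 10 asks reviewers to look for.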
Previous Alert and Guideline:
BGD e-GOV CIRT has previously published reports and advisories aimed at raising awareness of such security incidents. They are available at the following links:
1. Ransomware Prevention & First Response Guideline
https://www.cirt.gov.bd/ransomware-prevention-first-response-guideline-english-version-1/
2. Surge in Attacks via Compromised Third-Party Service Providers
https://www.cirt.gov.bd/alert-attacks-via-service-providers/