Situational Alert on Cyber Threats, June 2023

Published on 27-Jun-2023 11:10:00



We draw your attention to the need to combat cyber threats during the Eid vacation, with a focus on the threat considerations below:

Top targeted organization types:

a. Govt & Military

b. Law Enforcement Agencies

c. Banking and NBFI

d. Pharmaceuticals

e. Retail and Industrial Organizations

f. Energy and education sectors

Top detected attack types:

a. DDoS: the most observed attack type in Bangladesh cyberspace

b. Ransomware: Bangladesh witnessed a rise in ransomware incidents in the 2nd quarter of 2023

c. Web defacements using the web shell injection technique

d. Phishing: sophisticated phishing campaigns using AI tools were observed

e. Credential theft: 'Redline stealer' is the most frequently found stealer in targeted entities

f. APT campaigns: emerging groups are actively launching campaigns

Top threat actors:

a. South Asia-based underground hackers

b. Script kiddies with credential harvesting expertise

c. Ransomware and APT threat actors such as "Money Message" and "Akira"


All government, military and financial institutions are requested to take the following measures to ensure their infrastructures' security:


  1. Ensure strict network and user activity monitoring 24/7, especially during non-office hours, and watch out for any indication of data exfiltration, any sort of repeated patterns that may indicate attempts of lateral movement, discovery, or command and control behavior.
  2. Mobile users should be cautious while browsing the internet and refrain from accessing untrusted sites or downloading files from them.
  3. Ensure vital services such as DNS and NTP, as well as network middleboxes, are securely configured and are not exposed on the internet.
  4. Educate users to abide by password policy best practices, and to refrain from using corporate emails on other platforms.
