The government on Thursday alerted both public and private organisations, including critical information infrastructures (CIIs), about a potential cyber-attack.
This alert follows the recent identification of critical vulnerabilities in information infrastructure, Sukanta Chakraborty, public relations officer of BGD e-GOV Computer Incident Response Team (CIRT) told The Financial Express.
Addressing these vulnerabilities in the digital infrastructure could prevent potential cyberattacks, he added.
The ICT Division has announced 34 organisations, including the Bangladesh Bank, as critical information infrastructure.
The government's cyber-response agency warns of potential cyberattacks targeting CIIs, banks, financial institutions, healthcare and various government and private organisations. These warnings are issued at different times and for specific sectors.
The vulnerabilities identified include F5 BIG-IP Configuration Utility Authentication Bypass, Apache ActiveMQ Deserialization of Untrusted Data, Juniper Junos OS EX Series PHP External Variable Modification, Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow, Remote Code Execution, Atlassian Confluence Data Center and Server Improper Authorization, and Atlassian Confluence Data Center and Server Broken Access Control.
Talking to the FE, Md Mushfiqur Rahman, chief information technology officer at First Security Islami Bank Ltd, said that CIRT's cyber alerts are helping raise awareness in both private and public sector organisations.
Upon receiving alerts from CIRT, he said, IT departments of different organisations receive technical support from the government.
He suggested faster issuance of these alerts.
Organisational efforts and capacity should be bolstered to mitigate such threats further, Mushfiq added.
The cyber-response agency recommended strengthening comprehensive capabilities to combat emerging threats and urged proactive measures for early threat detection.
It called for prioritising the identification and mitigation of known vulnerabilities.
Emphasising cybersecurity training for all users, the agency urged a review of network communication logs from the past six months to uncover suspicious activities.
Besides, it suggested conducting regular vulnerability assessment and penetration testing (VAPT) on all systems and promptly informing BGD e-GOV CIRT via email at [email protected] in case of suspicious activities or vulnerabilities in the digital infrastructure.
© 2024 - All Rights with The Financial Express
