Computer Incident Response Team (CIRT), the primary line of defence for national ICT infrastructure and a wing of the Bangladesh Computer Council (BCC), has recently thwarted potential attempts to hack ATMs of Bangladeshi banks.
After being tipped off by the US CIRT, Bangladesh Bank issued a warning to local banks about a potential hacking attempt by unknown parties. BCC's CIRT then took heed of the matter and started investigating potential attempts.
According to an engineer working with CIRT who wishes to remain anonymous, after a painstaking nine-day investigation that began in late August, the CIRT team was able to identify malware in three Bangladeshi Internet Service Providers (ISPs) that provide network connectivity to multiple banks' ATMs. Based on the findings, a report was drafted and delivered to the highest echelon of the government.
Tawhidur Rahman, Senior Technical Specialist (Digital Security & Digital Diplomacy) at the CIRT of Bangladesh Computer Council, confirmed to The Daily Star that the three ISPs found to be infected were Carnival Internet, Access Telecom (BD), and Information Services Network Ltd.
"After forensic investigation, BCC found traces of data in these three ISPs' log entries that helped them identify potentially malicious activity on the networks. So far, the traces of data point to 'Emotet', a trojan horse (a piece of malware that deceives computer systems to gain trust and later siphon off information) that works as a downloader for other banking malware," he claimed.
Once these potentially malicious activities were detected, CIRT informed those three ISPs who later successfully neutralised the threats.
When asked how these infections happened to begin with, Tawhidur said, "Exact sources are often hard to identify, as it can happen from multiple sources simultaneously. Staying vigilant and adhering to all the standardised protocols, updating virus signatures, updating firewalls, and cleaning endpoints regularly are the only way to thwart such attacks."
"The infected parts of the network are now secure and most ATMs will hopefully resume operations by next week," he added.
According to the Cybersecurity & Infrastructure Security Agency (CISA), the US federal agency responsible for detecting and responding to such threats, the recent attempts to infiltrate money transfer networks are allegedly the handiwork of BeagleBoyz, a subset of the notorious Lazarus Group that has long been suspected of being a state-sponsored hacking group backed by North Korea. They have been accused of attempting to steal nearly $2 billion in the last few years and are deemed responsible for the illicit transfer of $81 million from Bangladesh Bank in 2016.