DHAKA, July 30 (V7N) – Bangladesh Bank (BB) has issued a comprehensive cyber-attack warning to all banks and financial institutions, urging them to implement stringent precautionary measures against potential disruptions to critical information infrastructure (CII), banking and financial services, healthcare, and public and private sector operations.

In a notification issued today, July 30, 2025, the central bank cited various sources indicating that banks and financial institutions are likely targets for cyber-attacks. Institutions have been specifically instructed to bolster their systems, particularly against small and mid-level threats.

The central bank's detailed instructions include:

System Updates: All banks and financial institutions must apply current patches to their servers, databases, and systems.

Access Control and Redundancy: Shut down unnecessary portals, enforce least-privilege access, implement the 3-2-1 strategy for data backup and restoration, and enable multi-factor authentication (MFA) for critical systems. The 3-2-1 strategy recommends having at least three copies of your data, stored on two different media types, with one copy kept offsite.

Prompt Action on Irregularities: Institutions are required to act promptly if any irregularities are detected in their IT systems. This includes deploying Security Information and Event Management (SIEM) systems (which aggregate and analyze security logs and events to detect threats) and Network Intrusion Detection Systems (NIDS) (which monitor network traffic for suspicious activity and known attack patterns), among other protective measures.

Threat Detection and Prevention: Bangladesh Bank advised the use of Endpoint Detection and Response (EDR) antivirus software (which continuously monitors and records endpoint activity to detect and respond to threats), along with regular updates of threat signatures.

Vigilance and Reporting: IT teams have been directed to remain vigilant 24/7, ensuring they are prepared to respond promptly to cyber-attacks. The central bank also stressed the immediate reporting of any suspicious logins or unauthorized file or data modifications to relevant authorities.

External Connection Monitoring: Banks are instructed to closely monitor external connections and to restrict and regularly review remote access, VPNs, and privileged accounts.

Security Operation Centers (SOCs): All banks and financial institutions must establish 24/7 monitoring of their Security Operation Centers (SOCs) with adequate manpower.

Operational Resilience: Emphasizing the need for operational resilience, Bangladesh Bank urged institutions to maintain a robust fallback system, including regularly updated Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).

This warning follows recent reports of increased cyber threats targeting Bangladeshi banks, including unauthorized transactions using dual-currency cards linked to social media ad managers and malware attacks, such as the one experienced by Bangladesh Krishi Bank last month. The central bank's comprehensive directive aims to proactively enhance the cybersecurity posture of the nation's financial sector amidst escalating global cyber threats.

END/AHS/RH/