In October 2022, Somoy TV’s YouTube channel was hacked. Shortly before this incident, Binance, one of the world’s largest cryptocurrency exchanges, was hacked, causing users to lose nearly $571 million worth of BNB tokens. Besides, we all know more or less about Bangladesh Bank’s reserve theft in 2016. But, all these three incidents are directly related to one thing, “Cybercrime.” Any crime committed using the internet and digital devices is called cybercrime, and ensuring maximum security in digital devices to stop these crimes is the biggest concern nowadays. In 2022, Data breaches alone cost $2.10 billion globally. According to Cyber Security Ventures, if cybercrime were considered as a country, its GDP would be $6 trillion, the third largest economy in the world after the USA and China.
Why is Cyber Security a Concern?
Although the main goal behind cybercrime is to become economically beneficial, it also often takes place to harm a person or organization. With the proliferation of digital devices and internet users worldwide, cybercriminals are also growing. In the early days, criminals were directly involved in several criminal activities like theft and robbery, but now they are hiding their identities virtually and stealing money and information. Following these cybercriminals’ footprints, it often becomes impossible for law enforcement agencies to find their identity. Even if they can identify the hacker’s IP, it is quite time-consuming to follow it and bring the hacker under the law. During the corona period in Bangladesh, the number of cyber criminals increased by using social media such as Facebook, Likee, TikTok, Bigo Live, etc. Apart from this, several criminal activities in Bangladesh’s financial sector, like ATM hacking and eCommerce fraudulent, also increased at that moment. Furthermore, due to the global Pandemic and the ongoing economic rescission, many people lost their jobs and got involved in various types of criminal affairs, among which cybercrime is the most prominent.
Various types of cybercrime are being committed globally, but crimes such as hacking, spyware or malware injection, spamming, and phishing are notable. Hackers conduct these criminal activities by manipulating various software and digital devices connected to the Internet. Therefore, although there are many types of cyber-attacks based on hardware, software, or network systems, they can be broadly divided into three categories – attacks on confidentiality, attacks on integrity, and attacks on availability.
Incidents such as theft of personal information, bank account, and credit card information are called attacks on confidentiality. Criminals collect this data for their own use and sell it on the dark web for others to use. For example, Yahoo has been the victim of cyber attacks three times, in the last decade. Finally, in August 2016, hackers attacked Yahoo Finance and stole confidential and important information, like the name, mobile numbers, account PINs, etc., of 1 billion users.
An attack on integrity is any unauthorized access to a device or system that exposes personal data and files to the public. This type of attack can dishonor a person or organization and make people lose their trust in them. For example, in 2013, American presidential candidate, former Secretary of State and ex-first lady Hillary Clinton’s emails sent using her private server were exposed by Russian hackers, which harmed her reputation and, according to experts, played a significant role in the defeat of the Democrats in the 2016 election.
And finally, Attack on Availability, when hackers steal personal information from a user and demand money for it. The hacker returns the data to the user when the ransom is paid. For example, global hackers have created critical situations using consumer-level ransomware. In this type of cyber attack, all the files on the victim’s computer are encrypted, and they demand ransom money in return. In 2021, 576 American organizations were victims of ransomware war attacks. During that time, those companies faced a loss of nearly $160 billion because the attack made their system shut down. Also, according to a report by Cyber Security Ventures, the volume of ransomware attacks increased by 13 percent from 2020 to 2021, and through these attacks, hackers grabbed $20 billion in ransom globally. According to cyber experts, by 2031, the damage cost caused by ransomware will reach $265 billion.
Judging by the above categories, many cybercrimes have been committed in the last decade alone. For example, in October 2016, global tech transportation giant Uber’s network suffered a cyber attack where hackers stole 57 million users’ data. According to the hackers’ demands, Uber authorities paid 100K dollars to prevent this information from becoming public, but the hackers leaked it in the end. Also, as recently as 2022, there was a cyber attack on Uber’s servers, due to which the company’s internal communication and management systems were compromised. Other tech companies like Microsoft, Nvidia, Ubisoft, Samsung, and Vodafone have also been victims of cyber attacks at various times. Not just tech companies, cyber-attacks have affected all industries like cryptocurrency, game development, news, and media corporations. For example, in July 2017, hackers attacked HBO’s OTT servers, leaking 1.5 TB of the platform’s content, including unreleased episodes of the popular TV show Game of Thrones. Again, in September 2022, hackers stole and leaked 50 minutes of gameplay of GTA VI, an unreleased game by Rockstar Games, which quickly went viral on GTA Forum and other social media. Also, in October 2022, the blockchain network of the cryptocurrency exchange “Binance” was attacked by cyber attackers, from which hackers removed $570 million worth of BNB Tokens.\
Apart from these global incidents, Bangladesh Bank reserve theft is also one of the biggest cyber attacks in the history of the world in terms of financial losses. Apart from this incident, many government organizations, private institutions, and individuals have been victims of cyber attacks in the country. According to Business Standard, 3.69 percent of Kaspersky Antivirus users in Bangladesh are victims of Trojan attacks, which is the highest compared to other countries worldwide. Also, in an event on cyber security held in August 2022, Deputy ICT Minister Junaid Ahmed Palak said that the country’s national security is at risk. He also mentioned that due to foreign state-sponsored cyber attacks on various national security infrastructures such as telecommunications, power, and financial sectors. Bangladesh These attacks are not regular but are different and deliberate from normal attacks. Also, in the last few years, fraudsters impersonating officials of various MFS service providers in Bangladesh have taken users’ account credentials and cashed out all account money through SIM cloning. Additionally, there have been scams that bypass OTP codes and link people’s Bikash accounts to purchase products on the eCommerce marketplace, Daraz. Several of these scams have already been documented by law enforcement.
Time to Get Serious About Cyber Security
Apart from information technology, the biggest challenge facing any industrial sector today is cyber security. Therefore, ensuring data safety stored in digital devices we use regularly has become essential. Cyber security, from global banking and financial data, is essential in any industry. But, in addition to industries, ensuring cyber security is critical to safeguarding any country’s national security and defense systems. Currently, five countries in the world possess nuclear weapons, and almost every country’s military system is fully computerized, which poses a major threat to the security of the entire world. Therefore cyber security must be ensured not only at the institutional and individual levels but also at the national level.
Starting from regular communication, almost all activities of people’s daily life can now be done digitally, so to reduce the amount of cybercrime at the personal and institutional level, everyone should follow specific rules through which it is possible to keep their data safe. For example, on a personal level, daily electronic devices such as mobiles, computers, laptops, tablets, smartwatches, etc., should always have updated operating systems, strong passwords, and biometric passwords.
Almost all digital device manufacturers and software developers constantly work to ensure bug-free software and secure software and release updates at regular intervals. Therefore, it is essential to use the updated operating system and software to protect the device and its information from any new cyber attack. Also, operating systems, such as Android, Windows, or Mac OS, have built-in defenders or firewalls, so there is no need for an antivirus nowadays. Furthermore, companies like Google, Apple, and Microsoft have provided built-in malware protection to ensure the security of their consumers based on ongoing hacking or system-penetrating trends in the cyber world. However, due to a lack of knowledge, many people often download files from websites without proper SSL Certificates or click on phishing links in emails without understanding and become victims of various types of cybercrimes. To avoid such risk, one should not download software or file from any unauthorized website, server, or torrent site. In addition, the plug-ins and extensions used in the browser should always be kept updated and avoid using any unknown plug-ins or extensions. In addition to protecting devices, everyone should use strong passwords to stay secure on social media platforms. Although websites store user information such as user IDs and passwords through hash codes, it is still essential to create a 10-14 character password with capital and small letters, numbers, and special characters to open an account on websites and change the password after a few months. It is recommended that users use separate passwords for each social media and those passwords not be saved in the browser. In addition, users should always log out before the use common devices in educational institutions or offices.
In today’s social media era, incidents like data theft, ransomware, and bullying are a part of cybercrime. To avoid cyberbullying, keep your account’s privacy settings updated to avoid sharing personal information with strangers, including pictures, videos, and other information. In addition to refraining from slanderous and insulting comments online, if someone ever cyberbullies you, do not keep it to yourself, inform someone you trust and take legal assistance if necessary.
Most of the world’s hacking involves email and messaging. By downloading links or attachments in emails or messages, many unknowingly give complete control of their devices to cyber criminals. In the last two decades, numerous people have been victims of various types of scams, including €500,000 winning messages from CocaCola or being selected as a trusted person by a Nigerian prince. People should always avoid these suspicious emails. Also, a multi-level security system should be used when transacting money or storing important documents on any website or platform online. From social media like Gmail, Facebook, and Twitter to online payment platforms like PayPal, Pioneer, BKash, and banking apps, two-factor authentication and biometric identification should be kept on so that no one can make illegal intrusions. Also, if any call, mail, or message comes from a known bank or organization asking for information, then call the official helpline number of the bank or organization to make sure that the data is being asked from the proper organization or not.
An organization can take several initiatives to maintain the security of a central system institutionally. For example, the organization can provide individual user ID passwords for all users within a network. By doing this, no person who is not listed on the official server can access the server. Also, the company email ID should be used for all official work, and log out or lock the screen after work. Furthermore, the administration should back up their essential documents of the organization on multiple servers. Lastly, big conglomerates should maintain their own expert IT departments starting from tech companies or companies providing tech-based services in Bangladesh, so that these companies can maintain their own data security.