• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Gootloader Malware – Active IOCs
November 25, 2022
Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
November 25, 2022

Rewterz Threat Update – Central Bank Of Gambian Suffered A Data Hack

November 25, 2022

Severity

High

Analysis Summary

Members of the public, Diplomatic and Consular Corps informed that the Central Bank of The Gambia was hacked on November 10, 2022. The Gambia is one of several nations throughout the world that has been targeted several times by cyber criminals intent on blackmailing governments into paying the ransom.
The hackers claim to have stolen 2TB of sensitive data, including personal and sensitive information on bank management, customers, and employees. However, this has not been confirmed by official sources.


The Bank responded quickly to safeguard its systems, and an investigation was launched to ascertain the nature, source, and impact of the incident. One server was found to be affected, according to preliminary investigations, and it was quickly isolated from the bank’s network and a recovery process was set in motion. The mission-critical systems were all unaffected, and operations as usual proceeded uninterrupted.
The bank claims it secured its systems quickly and has started investigating the extent or the scope of the attack. 
The Gambian government has informed the public that currently the bank is fully operational and national payment systems would be maintained in a stable state 

“The authorities are keeping the matter under close monitoring and the public is at this moment reassured that the Bank is fully operational and will continue to ensure the stability of the national payment systems. There is, therefore, no need for panic.

Currently, there are a lot of vulnerability gaps in cyberspace of the Gambia. Government institutions and private companies need to take a proactive approach in dealing with cyber security issues. It is time for all organizations to undertake a security audit of their infrastructure and address any issues that are discovered.

Impact

  • Sensitive Information Theft
  • Server Compromised

Remediation

  • Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
  • Patch and upgrade any platforms and software timely and make it into a standard security policy.
  • Update software and patches regularly against all known vulnerabilities. 
  • Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
  • Implement an information security policy and offer all personnel with annual information security training.
  • Do not permit Bring your own device (BYOD) without sufficient guidelines and security measures.
  • Enable two-factor authentication.
  • Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
  • Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
  • Update spam and anti-phishing software and configurations to increase security. 
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.