Yangyel Lhaden

In the wake of Covid-19, as remote working grows, hacking and phishing attacks have reportedly increased the world over. Many Bhutanese have fallen prey to such ploys. Lack of awareness and adequate safeguards could leave many vulnerable to cyber threats.

According to Bhutan Computer Incident Response Team (BtCIRT), the national computer incident response team under the Ministry of Information and Communications (MoIC), said that the office goers and students have moved online in great numbers due to shutdown resulting from the pandemic.


And, with this, many Bhutanese could be exposed to sophisticated cyber manoeuvres.

A Senior ICT officer with BtCIRT, Sonam Choki said that cybercriminals were taking advantage of the Covid-19 situation and were spreading scams through social networking sites and malicious links through emails promising money, free rewards, job offers and even free internet. Unsuspecting users click on the links and share them on social media groups. That’s just the beginning of the problem.

There have been several cyber-attack cases in Bhutan which led to major damage in terms of financial and data loss or service disruptions to individuals and companies.

Between 2016 and 2018, BtCIRT resolved 275 cyber threats in the country. Out of 275 incidences, 230 were related to system vulnerabilities and 26 to malicious codes.

The most common cybercrimes are phishing through emails and links on social media platforms, vishing (fraudulent voice call), web defacement, and vulnerabilities found in the system (computer, operating system, web and network platforms).

In 2018, a 47-year-old woman in Thimphu lost Nu 80,000 to a Whataspp scam. In 2019, a civil servant in Trashigang and an Indian businessman allegedly lured 13 Bhutanese through a Whatsapp  made off  with Nu 849,000.

According to the Evidence Act of Bhutan 2005 anything that is defamatory, libel, untrue or harassing becomes an offence under the Penal code even if it said or done online.

Sonam Choki said that after the team observed a lot of social media phishing, as a central agency overlooking cybersecurity, BtCIRT was concerned about the habits of users and felt the need to educate them on online safety.

Educational videos on cybersecurity, phishing emails, social media phishing, internet hackers, and password security are being uploaded on their facebook page. They are also aired on Bhutan Broadcasting Service (BBS).

BtCIRT collaborates with system developers in government sectors to fix system vulnerabilities, disseminate information on the latest threat and other vulnerabilities through their facebook page and website. Training and workshops are conducted for information and communications technology officials regularly to equip them skills necessary to combat cyber threats.

What should people know about cybersecurity?

Sonam Choki said that cybersecurity was not the responsibility of IT professionals alone.

She said that according to research, 80-90 percent of cyber-attacks happened because of end-user carelessness.

For example, if an attacker hacks the email of an official of an agency/business, his/her account could be used to spread viruses and phish links to the entire agency. If the end-user clicks on the link, the latest technology and equipment put in place would be rendered useless.

How to stay safe from cyber threats?

Online users should always keep their devices up to date with latest upgrades and patches.

People should always back up their data and should download software from reputable and reliable sources.

The user should not open unknown email attachments unless he or she is sure of the source.

The user should create strong and different passwords for devices and applications.

One should refrain from clicking on social media links that promise rewards, money and other offers.