AIRLINK 81.10 Increased By ▲ 2.55 (3.25%)
BOP 4.82 Increased By ▲ 0.05 (1.05%)
CNERGY 4.09 Decreased By ▼ -0.07 (-1.68%)
DFML 37.98 Decreased By ▼ -1.31 (-3.33%)
DGKC 93.00 Decreased By ▼ -2.65 (-2.77%)
FCCL 23.84 Decreased By ▼ -0.32 (-1.32%)
FFBL 32.00 Decreased By ▼ -0.77 (-2.35%)
FFL 9.24 Decreased By ▼ -0.13 (-1.39%)
GGL 10.06 Decreased By ▼ -0.09 (-0.89%)
HASCOL 6.65 Increased By ▲ 0.11 (1.68%)
HBL 113.00 Increased By ▲ 3.50 (3.2%)
HUBC 145.70 Increased By ▲ 0.69 (0.48%)
HUMNL 10.54 Decreased By ▼ -0.19 (-1.77%)
KEL 4.62 Decreased By ▼ -0.11 (-2.33%)
KOSM 4.12 Decreased By ▼ -0.14 (-3.29%)
MLCF 38.25 Decreased By ▼ -1.15 (-2.92%)
OGDC 131.70 Increased By ▲ 2.45 (1.9%)
PAEL 24.89 Decreased By ▼ -0.98 (-3.79%)
PIBTL 6.25 Decreased By ▼ -0.09 (-1.42%)
PPL 120.00 Decreased By ▼ -2.70 (-2.2%)
PRL 23.90 Decreased By ▼ -0.45 (-1.85%)
PTC 12.10 Decreased By ▼ -0.89 (-6.85%)
SEARL 59.95 Decreased By ▼ -1.23 (-2.01%)
SNGP 65.50 Increased By ▲ 0.30 (0.46%)
SSGC 10.15 Increased By ▲ 0.26 (2.63%)
TELE 7.85 Decreased By ▼ -0.01 (-0.13%)
TPLP 9.87 Increased By ▲ 0.02 (0.2%)
TRG 64.45 Decreased By ▼ -0.05 (-0.08%)
UNITY 26.90 Decreased By ▼ -0.09 (-0.33%)
WTL 1.33 Increased By ▲ 0.01 (0.76%)
BR100 8,052 Increased By 75.9 (0.95%)
BR30 25,581 Decreased By -21.4 (-0.08%)
KSE100 76,707 Increased By 498.6 (0.65%)
KSE30 24,698 Increased By 260.2 (1.06%)

ISLAMABAD: Hostile elements may launch cyber attack on the occasion of Independence Day, i.e., 14th August, 2023 for disruption of services and defacement to tarnish the global image of Pakistan, warned the National Telecommunications and Information Security Board (NTISB).

The Board has issued advisory, “Prevention against Website Compromise on the Eve of National Days” noted that hostile elements/ state-sponsored malicious actors typically target government departments/ ministries and defence sector websites on the eve of the National Days for disruption of services and defacement to tarnish the global image of Pakistan. It is likely that hostile elements may launch cyber attack on the occasion of Independence Day, i.e., 14th August, 2023.

FBR under cyber attack?

Accordingly, an advisory is being sent to sensitise website administrators and Service Providers to take additional security precautions (such as web server hardening, traffic/ integrity monitoring, etc.) to avoid possible website defacement/ hacking attempts. NTISB has issued 47 advisories in 2023 so far with respect to cyber-attacks, hacking, fraudulent/fake email, etc., and protection guidelines for individuals, government employees as well as websites.

Further, web server administrators should be made mindful of cyber security guidelines including; Cyber Security Best Practices for Websites Protection; (a) Upgrade OS and web servers to latest version; (b) Website admin panel should only be accessible via white-listed IPs; (c) Defend your website against SQL injection attacks by using input validation technique; (d) Complete analysis and penetration testing of application be carried out to identify potential threats; (e) Complete website be deployed on inland servers including database and web infrastructure; (f) HTTPS protocol be used for communication between client and web server; (g) Application and database be installed on different machines with proper security hardening; (h) Sensitive data be stored in encrypted form with no direct public access; (i) DB users privileges be minimized and limited access be granted inside programming code; (j) Proper security hardening of endpoints and servers be performed and no unnecessary ports and applications be used; (k) Updated Antivirus tools/ firewalls be used on both endpoints and servers to safeguard from potential threats; (l) Enforce a strong password usage policy; (m) Remote management services like RDP and SSH must be disabled in production environment; (n) Deploy web application firewalls (WAF) for protection against web attacks; (o) Employ secure coding practices such as parameterized queries, proper input sanitization and validation to remove malicious scripts (p) Keep system and network devices up-to-date; (q) Log retention policy must be devised for at least 3x months on separate device for attacker’s reconnaissance.

Comments

Comments are closed.