ISLAMABAD: The Federal Board of Revenue (FBR) has averted a major attempt at data breach by timely stopping infection to the FBR’s computers through a USB device.
Details of the incident revealed that the security incident occurred due to an infected USB drive used in FBR House (Room 571). The high-severity malware on the USB was blocked on the PC, hence, a major data breach or systems has been averted.
Upon the FBR’s investigation, it was revealed that the end-user (FBR staff/officer) had taken the USB drive to a local print shop in the market for printing of infection (file) at that shop and this infection was brought back on the FBR network. It is once again highly recommended to either block or limit the usage of USB drives on PCs, within, FBR offices across the count between officers and for printing purposes and plan for an automated Data Learn Protection (DIP) solution to be implemented, the FBR’s IT security officials said.
NTISB warns of cyber attacks on Independence Day
According to a security circular issued by the FBR, the chief information security officer (CISO), the FBR has reported that the Crowd strike agent (cyber security product) successfully blocked high-severity malware detected on the USB device that was attached with FBR’s network, which could lead to a major data breach in FBR’s system.
The use of USBs carries significant and extremely serious risks. In addition to the obvious possibility of exposure to malware and viruses, it can also lead to unauthorised access, data leakage and vulnerabilities caused by outdated software. In this regard, it is strongly recommended that the usage of USB devices on official PCs within the FBR computer network be avoided in order to prevent potential security threats.
This issues with the approval of Member (IT), the FBR added.