Lahore, December 7, 2024 – The Lahore Chamber of Commerce and Industry (LCCI) has raised alarm over the escalating frequency of cyberattacks, which are wreaking havoc on businesses and the economy. LCCI officials stressed the urgent need for a robust cybersecurity framework to safeguard digital platforms.
(more…)Tag: cyber security
-
Cyber Threats Surge in Pakistan’s Financial Sector: Kaspersky
The financial sector in Pakistan has experienced a significant rise in cyber threats during 2024, according to statistics released by global cybersecurity firm Kaspersky.
Data from the Kaspersky Security Network revealed that 13.7% of users in Pakistan faced web-based threats during the third quarter of 2024, including phishing attacks and malicious websites targeting sensitive user information. Additionally, 18.7% of users encountered local threats, such as malware spread through USB drives and encrypted file installers, which evade detection and compromise system security.
Speaking at the Cyber Threat Intelligence Summit in Islamabad, Kaspersky provided a detailed analysis of the growing cyber threat landscape in Pakistan. Financial malware and spyware attacks have seen a marked rise, posing serious risks to both individuals and institutions. Ransomware, phishing, and espionage-driven malware remain key threats, with Advanced Persistent Threat (APT) groups like Lazarus and SideWinder orchestrating sophisticated campaigns aimed at stealing sensitive data.
The financial sector has been particularly vulnerable, with a 114% increase in banking and financial malware attacks between January and October 2024 compared to the same period last year. These attacks primarily target digital financial operations, significantly endangering financial security. Kaspersky experts also flagged an alarming trend of rising financial cyberthreats on smartphones, a phenomenon expected to persist into 2025.
Spyware attacks in Pakistan surged by 63% during the first ten months of 2024. This type of malware gathers and transmits user data to unauthorized entities, raising critical privacy concerns for both corporate and government sectors. Experts warn that attacks exploiting stolen data could see a sharp increase in 2025.
Industrial Control Systems (ICS) also face mounting threats, particularly in critical infrastructure sectors such as energy, utilities, and manufacturing. According to Kaspersky, 29.51% of ICS computers in Pakistan were targeted by cyberthreats in Q3 2024. These attacks range from malicious scripts and phishing pages to more sophisticated malware designed to compromise operational technology systems.
“Pakistan’s rapid technological integration must be matched with robust cybersecurity measures,” said Dmitry Berezin, Kaspersky’s Global Security Expert. “Organizations need to adopt proactive, multi-layered cybersecurity frameworks, incorporating real-time threat intelligence, continuous monitoring, and incident response. Employee education is equally crucial. Individuals should use advanced security solutions and follow cybersecurity hygiene principles to protect their digital lives.”
As cyber threats grow increasingly complex, both institutions and individuals in Pakistan must prioritize cybersecurity to safeguard sensitive data and digital assets.
-
Cybersecurity Advisory Issued for iPhone Users in Pakistan
A cybersecurity advisory has been issued for iPhone users in Pakistan, warning them of a potential threat from the Pegasus spyware deployed through the Blast Pass Exploit.
(more…) -
Techaccess Pakistan organizes Cyber incident management handling workshop
KARACHI: Techaccess Pakistan has conducted a Cyber Incident Management Handling Workshop during this week at “The Institute of Bankers Pakistan” in Karachi.
The workshop has carried out best practice exercises for the in-depth study of the methods of management, immediate containment and detailed analysis of the acts of recent cyber-attacks, some taken from recorded events. Over thirteen local banks participated in the workshop, much appreciated by the esteemed Participants.
Syed Aun Abbas Bokhari, CISO at Bank Al Habib, said the seminar was very interesting, as it was addressed to the current issues affecting our security mission and topics were nicely covered, well treated, and professionally clarified. I would recommend more Workshops with advanced levels.
Ali Imran, CISO Bank Islami, expressed his appreciation and compliments on the organization of the Workshop and about its results. He emphasized the need to extend the educational approach to the analysts engaged in sensitive department such as security operation center and incident response teams to continuously update their knowledge on security procedures, new emerging threats way to detect and appropriate updating of new IT architectures to improve the resilience of the whole IT Platform of sensitive institutes such as the Financial Domain.
We visited several banks with our security portfolio earlier this year and they highlighted the need for incident management frameworks and need for capacity building, said Tariq Malik, CTO Techaccess.
He highlighted the professional interest and passionate participation of the representatives of the Banks. Participants raised interesting observations and demonstrated that their use of tools during the Incident Management trials highlighted a serious professional approach to managing multiple security risks that endanger the financial domain.
Participants recommended sharing the incident management seminar through academic channels in all major Pakistani cities so that younger generations can benefit from it and improve their employment prospects.
Techaccess is a local integrator and a company specializing in security architectures and its implementation. Tariq Malik, thanked the participants and trainers. -
SBP governor highlights cybersecurity issues at IFSB
KARACHI: The governor of State Bank of Pakistan (SBP), Dr. Reza Baqir has highlighted issues related to cybersecurity faced by banking system at the Islamic Financial Services Board (IFSB), Malaysia organised the 13th Public Lecture Series on the theme of ‘Sustainability and Cyber Resilience’ on December 8, 2021 in Abu Dhabi, United Arab Emirates.
(more…) -
SBP rejects reports of financial losses in cyber attack
KARACHI: State Bank of Pakistan (SBP) has strongly rejected the media reports of financial losses or data stolen in the recent cyber attack.
In a tweet on Monday, the SBP said some fake news regarding cyber security attack on banks is in circulation including remarks attributed to Chief Spokesman Abid Qamar.
According to these fake news, nine banks have been affected by the attack and that money has been withdrawn and data stolen.
“SBP rejects these news [reports].”
No bank, other than the National Bank of Pakistan (NBP), has faced a cyber attack.
“Further, no financial loss or data breach has been observed so far,” the SBP added.
The SBP is monitoring the situation closely and it will share any update or information about the incident through its official channels, according to the tweet.
Earlier, on October 30, 2021, the SBP in another tweet stated that the NBP had reported a cybersecurity-related incident that is being investigated. “NBP has not observed any data breach or financial loss. No other bank has reported any such incidence,” the SBP said adding it was monitoring the situation closely to ensure the safety and soundness of the banking system.
-
SRB website under cybersecurity threat
KARACHI: The official website of Sindh Revenue Board (SRB) has been identified as cyber-vulnerable and prone to citizen’s data leakage.
National Telecom and Information Technology Security Board (NTISB) has issued an advisory through a notification dated March 03, 2021.
It said that critical vulnerabilities had been identified in website of SRB (notification can be downloaded https://download1.fbr.gov.pk/Docs/202131115323494Advisory8.pdf) that may result in database access and manipulation, exfilteration of sensitive data, remote take-over of users’ sessions and website defacement.
Identified vulnerabilities are as under:
a. SQL injection in database
b. Citizen’s data leakage
c. Cross site scripting
d. Unecrypted/plain text transfer of users’ credentials
e. Cross site request forgery
f. Microsoft IIS Tilde directory enumeration
g. Internal IP addresses and server-side paths disclosure
h. Session cookies lacking secure flags
i. Server/ASP net version disclosure
j. Stack traces and error messages on web pages
k. Server-side technology stack documentation pages on public website.
For impact of above mentioned vulnerabilities and guidelines for prevention can be downloaded https://download1.fbr.gov.pk/Docs/202131115323494Advisory8.pdf
-
K-Electric experiences cyber-attack
K-Electric Limited, the primary power utility provider for Karachi, faced a cyber-attack attempt earlier this week, resulting in the disruption of a few services. The company disclosed this incident in a statement released on Thursday, emphasizing that critical customer services remain unaffected.
(more…) -
IT ministry organizes cyber security workshop
ISLAMABAD: An awareness workshop on ‘Cyber Security’ was organized by Ministry of Information Technology and Telecommunication along-with National Information Technology Board (NITB) organized on Friday.
The goal of the event was to highlight the issue of cyber-attacks and how we can protect government’s sensitive data and work towards cyber security as governments around the world are bringing more attention to cybercrimes.
Federal Secretary Ministry of IT and Telecommunication Shoaib Ahmad Siddiqui, Syed Junaid Imam, Member (IT) MoIT, Syed Shabahat Ali, CEO NITB and Bilal Abbasi, Director (IT) MoIT along-with numerous officials from different Federal ministries/divisions were present at the workshop.
Speaking on the occasion, Federal Secretary Ministry of IT and Telecommunication Shoaib Ahmad Siddiqui highlighted that it is important for the government to become more vigilant and secure data to avoid any security and data breaches.
He further added that conventional warfare has been replaced by Cyber warfare and it brings a collective responsibility towards government officials to be prepared against cyber-attacks.
In the end it was shared that MoIT will be conducting more of such events for policy makers, legislators and other government officials, as cyber security awareness is a key priority by MoIT.