FBR prevents data breach by blocking high-severity malware

WEB DESK: In a display of cybersecurity vigilance, the Federal Board of Revenue (FBR) has successfully foiled a significant attempt at a data breach by promptly neutralising a threat originating from a USB device.

The incident, which unfolded in FBR House Room 571, involved a highly severe malware infection introduced through a compromised USB drive.

Swift action by the FBR’s security protocols resulted in the blocking of the malicious software on the affected PC, preventing a potential large-scale data breach or system compromise.

Upon thorough investigation, it was discovered that an FBR staff member or officer had utilised the infected USB drive for printing purposes at a local market print shop. Unfortunately, the infection was unknowingly reintroduced into the FBR network after the visit to the print shop.

In light of this incident, the FBR strongly advocates for restricting the usage of USB drives on PCs within FBR offices, especially for printing purposes.

Furthermore, the implementation of an automated Data Leak Protection (DLP) solution is under consideration to enhance overall security measures, according to FBR’s IT security officials.

According to Business Recorder, a security circular issued by the FBR’s Chief Information Security Officer (CISO) revealed that the CrowdStrike agent, a cybersecurity product, played a pivotal role in thwarting the high-severity malware detected on the USB device.

The potential consequences of this breach could have been catastrophic for the FBR’s data integrity.

Highlighting the inherent risks associated with the use of USBs, the circular emphasised the exposure to malware, viruses, unauthorised access, data leakage, and vulnerabilities arising from outdated software.

Consequently, the FBR strongly advises against the use of USB devices on official PCs within the FBR computer network to mitigate potential security threats.

This crucial directive has been issued with the approval of Member (IT) at the FBR, underscoring the gravity of the situation and the collective commitment to maintaining the integrity and security of sensitive data within the organisation.