The Federal Board of Revenue (FBR) has averted a major attempt at data leakage by timely stopping infection to the FBR’s computers through a USB device.
Details of the incident revealed that the security incident occurred due to an infected USB drive used in FBR House (Room 571). The high-severity malware on the USB was blocked on the PC, hence a major data breach or systems has been averted.
Upon FBR’s investigation, it was revealed that the end-user (FBR staff/officer) had taken the USB drive to a local print shop in the market for the printing of infection (file) at that shop and this infection was brought back to the FBR network.
“It is once again highly recommended to either block or limit the usage of USB drives on PCs within FBR offices across the count between officers and for printing purposes and plan for an automated Data Learn Protection (DIP) solution to be implemented,” FBR’s IT security officials added.
According to a security circular issued by the FBR, the Chief Information Security Officer (CISO), FBR has reported that the Crowdstrike agent successfully blocked high-severity malware detected on a USB device that was attached to FBR’s network, which could lead to a major data breach in FBR’s system.
The use of USBs carries significant and extremely serious risks. In addition to the obvious possibility of exposure to malware and viruses, it can also lead to unauthorized access, data leakage and vulnerabilities caused by outdated software. In this regard, it is strongly recommended that the usage of USB devices on official PCs within the FBR computer network be avoided in order to prevent potential security threats.
This issues with the approval of Member (IT), FBR, FBR added.
