KARACHI: It has been revealed that state institutions, ministries and government departments are being attacked by phishing emails.

According to reports received, National Cyber Security Emergency Response Team has issued an urgent advisory warning directing government organisations to stay on alert. Advisory stated that phishing emails were crafted to deceive users into compromising their credentials by clicking on malicious links or opening attachments.

These emails were traced to multiple public IP addresses and were designed to hide the identity of attackers by using cloud-based services. Forensic analysis had identified the nature of attack, tactics employed and potential risks. Government organistions could take measures to mitigate threats. Advisory directed to implement advanced email filtering and anti-phishing solutions capable of detecting suspicious links, malicious attachments and domain spoofing attempts These solutions should be integrated with threat intelligence feeds to automatically block known phishing domains and IP addresses. It was instructed to deploy and enforce email authentication protocols to prevent attackers from sending phishing emails that appear to come from trusted government domains. Advisory mandated use of multi-factor authentication for all email systems and sensitive applications to provide an additional layer of security against compromised credentials. This will ensure that even if login information is stolen, unauthorised access is prevented. It had been advised to conduct full reset of usernames and passwords for all employees who have interacted with phishing email to eliminate potential access risks.

All organisations were encouraged to implement robust incident response plans to quickly identify and contain phishing attacks. They must leverage threat intelligence platforms to continuously update your security tools with real-time data on known phishing campaigns and threat actors.