The National Telecommunication and Information Security Board (NTISB) has raised an alarm regarding a possible cyberattack aimed at disrupting services and tarnishing Pakistan’s global image on Independence Day, August 14, 2023. The Board’s advisory, titled “Prevention against Website Compromise on the Eve of National Days,” underscores that hostile elements, often state-sponsored malicious actors, historically target government departments, ministries, and defense sector websites to unleash attacks on such significant national occasions.
Highlighting this imminent threat, the NTISB is taking proactive measures to sensitize website administrators and service providers. The advisory recommends adopting additional security precautions, including web server hardening and traffic/integrity monitoring. These steps are crucial to thwart potential website defacement and hacking attempts that might be orchestrated by these hostile entities.
NTISB’s efforts to counter cyber threats are evident through its issuance of 47 advisories in 2023. These advisories cover a range of cybersecurity concerns, including cyberattacks, hacking, fraudulent/fake emails, and protection guidelines for individuals, government employees, and websites.
To fortify digital defenses, NTISB advocates adhering to a series of cybersecurity best practices:
- Keep operating systems and web servers updated to the latest versions.
- Restrict access to the website admin panel to white-listed IP addresses only.
- Shield websites from SQL injection attacks by employing input validation techniques.
- Conduct thorough analysis and penetration testing to identify potential vulnerabilities.
- Deploy the complete website infrastructure on local servers, including databases.
- Use the HTTPS protocol for secure client-web server communication.
- Separate application and database installations on different machines with robust security measures.
- Store sensitive data in encrypted form, limiting public access.
- Minimize database user privileges and grant access within programming code.
- Implement stringent security measures on endpoints and servers, avoiding unnecessary ports and applications.
- Employ updated antivirus tools and firewalls on endpoints and servers.
- Enforce strong password usage policies.
- Disable remote management services like RDP and SSH in production environments.
- Utilize web application firewalls (WAF) for safeguarding against web attacks.
- Adhere to secure coding practices, including parameterized queries and input validation.
- Maintain up-to-date systems and network devices.
- Establish a log retention policy for at least three months on separate devices to identify attackers’ reconnaissance activities.