The National Computer Emergency Response Team (NCERT) has recently issued an advisory about a phishing email attack targeting government organizations. This campaign aimed to compromise the credentials of government employees through deceptive emails containing malicious links or harmful attachments.

The attackers used public IP addresses and cloud-based services like Cloudflare to obscure their identities and make it difficult to trace the phishing websites. Although the attached PDFs in the emails were free of embedded malware, the phishing links relied on social engineering to trick recipients into revealing sensitive information, such as usernames and passwords.

To mitigate the threat, NCERT has recommended several security measures. These include advanced email filtering systems, the adoption of email authentication protocols (SPF, DKIM, DMARC), and enforcing multi-factor authentication (MFA). Organizations should also reset passwords for employees who may have interacted with these phishing emails to prevent unauthorized access.

Also Read: Phishing Alert: Parcel Delivery Scam

NCERT emphasizes the need for phishing awareness training and simulated phishing exercises to educate staff about identifying and reporting suspicious emails. The deployment of Endpoint Detection and Response (EDR) systems to monitor unusual activity and the regular updating of systems are also advised. Additionally, document handling policies should restrict unauthorized macros and scripts, and any IP addresses linked to phishing activities should be blocked at both organizational and national levels.

Coordinated incident response and threat intelligence sharing between government bodies are essential for a robust defense against these growing cyber threats.

Related posts:

Pakistan’s Internet Shutdowns Caused Losses of 1.3 Billion Pakistan Achieves Top Score in Cybersecurity Index 2024 Report IT Ministry Clarifies PTA’s Role in Firewall Project