Mohsin Siddiqui (Chief Reporter)

The Federal Board of Revenue (FBR) has successfully thwarted a significant data breach attempt by promptly intercepting an infection targeting FBR computers via a USB device.

Investigation into the incident reveals that the security breach originated from an infected USB drive utilized within FBR House (Room 571). Fortunately, the potent malware was neutralized upon detection, preventing any major compromise of data or systems.

Upon thorough examination, it was determined that an FBR staff member had taken the infected USB drive to a local print shop for file printing, inadvertently reintroducing the infection into the FBR network upon return. As a precautionary measure, it is strongly advised to restrict or monitor USB usage on PCs within FBR premises, especially for printing purposes. Additionally, plans for implementing an automated Data Loss Prevention (DLP) solution are underway, as stated by FBR’s IT security officials.

In accordance with a security circular issued by the FBR’s Chief Information Security Officer (CISO), the cyber security product CrowdStrike effectively neutralized the high-severity malware found on the USB device connected to the FBR network, averting a potential data breach.

The use of USB devices poses grave security risks, including malware exposure, unauthorized access, data leakage, and vulnerabilities stemming from outdated software. Hence, it is strongly advised to minimize the usage of USB devices on official PCs within the FBR network to mitigate potential security threats.

This measure has been approved by the Member (IT) of the FBR, reinforcing its importance in safeguarding sensitive information and preserving data integrity.