Rava is an online news portal providing recent news, editorials, opinions and advice on day to day happenings in Pakistan.
In an unprecedented development that occurred right on the country’s Independence Day, cybercriminals conducted a cyberattack on Pakistan’s largest data center run by the Federal Board of Revenue (FBR), bringing down all the official websites and creating a crisis-like situation for the entire tax machinery.
When opened, the website read: “The FBR’s website is temporarily down for scheduled maintenance.”
Immediately after the incident, the FBR’s team started migrating services, which it said was essential to facilitate the upgradation of the system in order to improve the seamless services to the clients of the revenue body.
The attack comes at a time when, a few days ago, the federal cabinet approved the National Cybersecurity Policy 2021 that allows establishment of a national cybersecurity response framework.
The FBR apprised the clients, who were being provided services from the data center, of some “unforeseen anomalies” during the migration process due to which services would remain unavailable for at least 48 hours. The FBR also regretted the inconvenience caused to the stakeholders as a result of this migration.
An FBR official said that the attack had impacted the virtual environment of the data center, adding that the hackers managed to exploit the hyper-V software by Microsoft Inc. Although the identity of the hackers has yet to be identified, the criminals found selling network access to the agency with more than 1,500 computer systems on a Russian cybercrime forum.
Another official from the technology department said that a new virtual environment had to be created since the virtual environment had been damaged, adding that process might take a bit longer.
“We are trying to restore the websites by Monday afternoon and the essential data center by Monday evening, as we do not want to cause more damage by shifting data in rush.”
According to a source, the hackers had been trying to break the data rooms for the last few days and a warning had also been issued that a grace cyberattack may take place shortly. But the FBR did not pay any heed to those warning, which resulted in the attackers’ ability to take over the data.
Another source said the tax collecting body learnt of the attack after the hackers started impacting the environment. The FBR’s database contains information of trillions of rupees worth of transactions, and the details of the wealth, income and expenses of its citizens.
Regarding the development, Team Rava spoke to a handful of top cybersecurity companies in Pakistan, including AMSAT, and, to its utter shock, came to learn that the FBR came under a similar yet harmless attack on March 23 last year, but no concrete measures were taken to avoid such assaults in the future. This is a clear indictment of Pakistan’s feeble and ill-prepared cybersecurity landscape.
It hardly needs pointing out that there is an urgent need to fix accountability on breach of security system, as Pakistan has seen its fair share of cyberattacks on its private and state enterprises over the last few years. The time cannot be more appropriate for Pakistan’s technology landscape to bolster its security infrastructure in the aftermath of a slew of assaults that could easily have been avoided.