zeeshan khan
The public, business, and government agencies are being warned by the National Cyber Emergency Response Team (NCERT) in a critical advisory about the increasing risk of cyberattacks caused by incorrect email configurations.
The advise alerts the public to the growing prevalence of domain spoofing, business email compromise (BEC), and phishing, which are being used worldwide and have an impact on Pakistan’s economy, public trust, and national security.
The advice claims that hackers are using lax email security settings to commit financial fraud, distribute ransomware, steal credentials, and impersonate companies.
Read More: Meta Group Bans: Facebook Communities Shut Down Due to AI Glitch
Bypassing detection and manipulating trusted communication channels is made possible by the lack of authentication methods like SPF, DKIM, and DMARC. Organizational operations and communications may be impacted by valid emails being blocked or labeled as spam due to misconfigured or absent security settings.
The alert lists several technical code vulnerabilities that have been found to expose domains to spoofing and abuse, such as WK-1 (no email protection mechanisms), WK-4 (DMARC in monitoring mode only), and WK-5 (missing subdomain safeguards).
Threat actors attempting surveillance and instability through disinformation and corrupted communication include state-sponsored organizations, hacktivist organizations, and economically driven cybercriminals.
The National CERT states that both system administrators and users must take urgent action. In addition to implementing multi-factor authentication, conducting frequent security audits, and training employees to spot phishing and spoofing attempts, organizations are advised to enforce email security standards across all domains and subdomains.
It is recommended that email service providers use sophisticated security technologies and robust domain authentication procedures to keep an eye out for and filter harmful content.
All organizations are strongly urged to approach email-based communications as a high-risk vector that necessitates constant surveillance in the advisory’s conclusion. The National CERT promotes cooperation for the exchange of real-time threat intelligence and advises incident reporting using its Official portal PKCERT. The advise cautions that inaction could lead to a collapse in public and international trust, financial loss, and harm to one’s reputation.
