KARACHI: The Sindh Information, Science, and Technology Department issued a cyber-security advisory for the employees of the Sindh government to ensure cyber-security measures for their smart gadgets.
The said advisory has been issued in continuation of the directions of the Federal Cabinet Division. Through an official advisory all the provincial government officers and subordinate employees were introduced to the issue of suspicious and malicious applications, the procedure to install them, and recommendations for the future.
Through the same official correspondence officials were informed already identified 120 malicious applications and 12 new ones; which as per correspondence being used by hostile intelligence agencies for espionage and information gathering. Officials were informed that newly identified applications are chat-cum-hacking apps used to trap civil and armed forces officials and personnel to extract classified information through technical coercive and blackmailing measures.
Through the same advisory, officials were informed about the procedure to uninstall the same suspicious applications in case any official who has accidentally installed any of the malicious applications mentioned in the list must immediately note down details including of WhatsApp numbers or Facebook book ID etc of the suspected individual who shared the link for downloading the applications for reporting the same to his organization or department, official should immediately switch off infected mobile phone and remove battery if removable and SIM and disconnect from internet, share this information and incident with known contact persons who have installed any of these applications.
In the same advisory, all the provincial government officials were recommended to always check application permissions before installation and install applications from the official applications store only under command should regularly be sensitized about malicious actors ‘tactics, techniques, and procedures, moreover all personnel, officers and staff be sensitized to refrain from engaging in activities that may lead to exploitation, install and update reputed antivirus solution on mobile devices like AVAST or Kaspersky.
After installation, scan the suspected device with antivirus solutions to detect and clean infections, before downloading or installing applications on Android devices, review the details of the application, number of downloads, user review, comments and additional information section.
Officials were also recommended that in mobile settings, do not enable installation of applications from install OS updates and patches as and when available from the device, do not download or open attachments in emails received from trusted sources or unexpectedly received from trusted users and immediately report to the concerned office.
Most importantly it was also advised to avoid using insecure and unknown Wi-Fi networks as hostile elements use Wi-Fi access points at public places for distributing malicious applications, use two-factor authentication on all internet Banking Apps, WhatsApp, Social Media and Gmail Accounts.
All officers and staff members must be guided to adhere to recommended cyber security measures at personal smart appliances and disseminate the above information to all concerned in their organizations, all attached and affiliated departments, and ensure necessary protective measures.
