ISLAMABAD — The National Cyber Emergency Response Team (National CERT) has sounded the alarm over rising cyber threats exploiting poorly configured email systems, urging all sectors—public, private, and governmental—to take immediate corrective action.
In a detailed advisory, National CERT warned that cybercriminals and state-backed actors are actively exploiting misconfigured email protocols to launch phishing attacks, hijack communications, steal sensitive information, and commit financial fraud. The advisory underscores the implications for Pakistan’s national security, economic stability, and public confidence.
Attackers are particularly targeting domains that lack essential email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). The absence or improper configuration of these measures allows bad actors to impersonate legitimate institutions and bypass security filters, enabling domain spoofing and business email compromise (BEC).
The report flags specific technical weaknesses, including:
- WK-1: No email protection protocols in place.
- WK-4: DMARC implemented only in monitoring mode.
- WK-5: Subdomains lacking protective configurations.
These vulnerabilities not only expose organizations to external threats but also disrupt internal communication by misrouting or blocking legitimate messages.
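As an added illustration (not taken from the advisory or from National CERT), the Python sketch below checks published SPF and DMARC TXT records for the three weaknesses listed above. The mapping of each WK code to a DNS condition, the function names and the `.example` sample records are assumptions made for this example; DKIM is not checked because it requires knowing the selector name.

```python
# Added example: map the weaknesses named in the article onto SPF/DMARC TXT records.
# Assumed mapping: WK-1 = neither SPF nor DMARC published; WK-4 = DMARC p=none;
# WK-5 = effective subdomain policy (sp tag, else inherited from p) is "none".

# Constructed sample data: owner name -> TXT strings as a resolver would return them.
SAMPLE_ZONE = {
    "monitor.example": ["v=spf1 mx -all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none; rua=mailto:d@monitor.example"],
    "subgap.example": ["v=spf1 mx -all"],
    "_dmarc.subgap.example": ["v=DMARC1; p=reject; sp=none"],
    "bare.example": ["site-verification=constructed-value"],
    "strict.example": ["v=spf1 mx -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=quarantine; sp=reject"],
}

def find_record(zone, name, prefix):
    """Return the first TXT record at `name` that starts with `prefix`, else None."""
    for txt in zone.get(name, []):
        if txt.strip().lower().startswith(prefix):
            return txt
    return None

def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict with lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(zone, domain):
    """Return the weakness labels that apply to `domain`; an empty list means none."""
    spf = find_record(zone, domain, "v=spf1")
    dmarc = find_record(zone, "_dmarc." + domain, "v=dmarc1")
    if spf is None and dmarc is None:
        return ["WK-1"]
    if dmarc is None:
        return ["no DMARC record"]  # label invented here, not an advisory code
    tags = parse_tags(dmarc)
    policy = tags.get("p", "none").lower()       # a missing p tag enforces nothing
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p when sp is absent
    findings = []
    if policy == "none":
        findings.append("WK-4")
    if sub_policy == "none":
        findings.append("WK-5")
    return findings

if __name__ == "__main__":
    for name in ("monitor.example", "subgap.example", "bare.example", "strict.example"):
        print(name, audit(SAMPLE_ZONE, name) or "no findings")
```

To audit live domains, replace `SAMPLE_ZONE` with the results of real TXT lookups for each domain and its `_dmarc` name.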
National CERT noted that threat actors range from financially motivated hackers and ideological hacktivists to state-sponsored espionage units. Their intent varies—from financial theft and misinformation to intelligence gathering and national destabilization.
The advisory calls on IT administrators to take immediate action:
- Enforce robust authentication on all email domains.
- Activate multi-factor authentication.
- Regularly audit and patch security systems.
- Educate employees to recognize suspicious email behavior.
Email service providers are also encouraged to enhance security filters and adopt stronger domain authentication technologies.
CERT concluded the advisory with a stern reminder: neglecting these risks could lead to serious consequences, including reputational harm, financial loss, and erosion of both domestic and international trust. Institutions are urged to report suspicious activity promptly via https://pkcert.gov.pk/report-incident.asp and actively engage in real-time threat information sharing.