Pakistan’s cybersecurity landscape is experiencing rapid transformation due to a marked increase in cyber threats targeting critical infrastructure, financial institutions, and government entities, according to the Pakistan Telecommunication Authority (PTA).
Despite ongoing efforts in capacity-building and raising awareness, the country continues to face challenges such as limited resources, a shortage of skilled professionals, and inadequate public-private collaborations, which hinder progress in addressing these threats. The global nature of cyber threats further calls for international cooperation to strengthen Pakistan’s cybersecurity defenses. While the country is actively establishing links and building synergies, more strategic actions are needed to mitigate the risks endangering its digital ecosystem.
Read More: The State Bank of Pakistan clarifies the situation regarding ATM closures amid cyber attacks
Surge in Cyber-Attacks (2023-2024)
Between July 2023 and June 2024, Pakistan saw a significant rise in cyber-attacks. These included:
- Malware attacks
- Phishing campaigns
- Distributed Denial-of-Service (DDoS) attacks
- Ransomware
- Insider threats
Top Threat Actors: APTs (Advanced Persistent Threats)
The Advanced Persistent Threats (APTs) represent the most advanced cybercriminals, characterized by their sophisticated attack techniques and ability to evolve continuously. These actors conduct high-profile attacks using novel tools and intricate methods that surpass other cybercriminal groups. Geopolitical factors often influence their tactics and targets. Notable APT groups targeting Pakistan in 2023 included:
- Gamaredon
- DoNot
- Bitter
- Kimsuky
- Lazarus
- SideWinder
Their primary targets included:
- Internet backbone infrastructures
- Healthcare entities
- Government-affiliated organizations
Most Targeted Sectors
Globally, certain industries remain highly vulnerable to cyber extortion campaigns:
- Manufacturing was the most targeted sector in 2023.
- Healthcare was the second most targeted sector.
- Technology and retail industries followed.
- The financial and insurance sectors also experienced significant attacks from ransomware and APT groups.
- Education, energy, and utilities industries remain at high risk.
Telecommunications is the 5th most targeted sector for phishing attacks, which globally saw a 173% surge in 2023-24.
Pakistan’s Progress in Cybersecurity
Pakistan’s efforts in improving its cybersecurity stance have led to significant progress. The country has advanced to a Tier-1 (Role Modeling) status in the 2024 Global Cybersecurity Index by the International Telecommunication Union (ITU), placing it among the top 40 countries. This is a marked improvement from its previous position of 79th.
Despite the progress, Pakistan continues to face challenges in building a resilient cybersecurity ecosystem, and further efforts in collaboration, resource allocation, and training are essential to counter the growing threats effectively.
