This is a summary of the unauthorized computer access reports received
from January to December 2004, as aggregated by IPA.
1. Reported Numbers
The number of reports for 2004 was 594, an increase of 45.9% over the
407 reported in 2003. The following graph shows the trend in the number
of reports received by the IPA Security Center during the past 8 years.

In 2004, Access Probe reports were up 115.5%, a significant increase
compared with 2003; however, the number of reports involving actual
damage decreased. Attacks were carried out indiscriminately, whether
the user was a corporation or an individual; as for why the number of
reports of actual damage decreased, one can assume that security
countermeasures have spread widely, starting at the corporate user level.

*1) “Access Probe (Attempt)” means that attempts at unauthorized
computer access were identified in server/firewall logs.
*2) “Worm Probe” means that access by a worm was detected, but no
actual damage was caused by that worm.
| Reported Number Classified | 2004 | 2003 |
|---|---|---|
| Intrusion | 43 (43) | 64 (64) |
| Access Probe (Attempt) | 515 | 239 |
| Infection w/Worm | 0 | 5 (5) |
| Worm Probe | 7 | 39 |
| Unauthorized Mail Relay | 3 (3) | 9 (9) |
| Source Address Spoofing | 11 (11) | 18 (18) |
| DoS (Denial of Service) | 4 (4) | 8 (8) |
| Others | 11 (11) | 25 (22) |
| Total | 594 (72) | 407 (126) |
* Numbers in parentheses show the number of reports with actual damage.
3. Breakdown of Damage
The following shows the breakdown, by type of damage, of the reports
that involved actual damage. Damage involving file alteration
(including embedded code) and Home Page alteration was reported in
quite a few cases.
| Breakdown of Damage | 2004 | 2003 |
|---|---|---|
| File Alteration | 21 | 43 |
| Home Page Alteration | 15 | 15 |
| Server Down | 5 | 4 |
| Unauthorized Mail Relay | 4 | 9 |
| Theft of Password File | 3 | 4 |
| Service Lowering | 3 | 7 |
| Open Proxy | 2 | 1 |
| Preparation of Unauthorized Account | 1 | 2 |
| Others | 31 | 61 |
| Total | 85 (*) | 146 |
* A single report of actual damage may involve multiple types of damage,
so this total does not match the number of reports with actual damage.
4. Reported Numbers Classified by Filers
By filer, 90.1% of reports came from individual users, a further
increase from the 70.3% recorded in 2003. With always-on connections
such as ADSL and FTTH now widespread among individual users, it can be
assumed that users have become subject to indiscriminate attack,
whether they are corporations or individuals.

5. Cause of Damage
Breaking down the reports of actual damage by cause: 11 were due to use
of an older version or unapplied patches (36.7%), 10 to insufficient
settings (33.3%) and 9 to insufficient ID/password management (30.0%).
This means that a variety of insufficient security countermeasures were
being targeted.

* Excludes reports where the cause of damage is unknown or not applicable.
6. Information of Countermeasures
It can be seen that most of the damage reported was caused by a failure
to take fundamental security countermeasures. As further
countermeasures against unauthorized computer access, system
administrators should confirm the following items and implement
integrated countermeasures.
- Solving security holes (including workarounds in case patch application is not applicable)
- Installation of routers and firewalls, or setting of access control
- Strict ID/password management and setting
Further, individual users should take care of the following items.
- Updating the OS and application software, for example through Windows Update or Office Update
- Checking the sharing settings of the PC and the security settings of the wireless LAN
- Setting and managing a password that is not easily guessed (do not readily tell it to a third person, etc.)
For System Administrators
“Practical Information for Information Security Countermeasures: Pages for System Administrators” (in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
“Practical Information for Information Security Countermeasures: Pages for SOHO (small sized business site)” (in Japanese)
http://www.ipa.go.jp/security/awareness/soho/soho.html
“Self Check Sheet for Security Countermeasures” (in Japanese)
http://www.ipa.go.jp/security/ciadr/checksheet.html
“Set of Preventive Security Countermeasures Against Damage of Unauthorized Computer Access” (in Japanese)
http://www.ipa.go.jp/security/ciadr/cm01.html
“Security Information of Vulnerability” (in Japanese)
http://www.ipa.go.jp/security/news/news.html
For End Users/Home Users
“Practical Information for Information Security Countermeasures: Pages for End Users/Home Users” (in Japanese)
http://www.ipa.go.jp/security/awareness/end-users/end-users.html
“3 Procedures to Protect your PC” (Microsoft) (in Japanese)
http://www.microsoft.com/japan/athome/security/protect/default.aspx
7. Yearly Network Monitoring Report for 2004
The following data shows the aggregated number of accesses to each port
on the servers in the monitoring environment provided by IPA. Accesses
to port 135 and port 445 are remarkably numerous; this implies that
access by worms targeting Windows vulnerabilities and by other malicious
code is likely to be increasing. Further, the number of unauthorized
computer accesses from domestic sources has been increasing recently.

The computers accessing these ports are likely to be infected by a
virus or hijacked.
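The same per-port aggregation can be run over one's own firewall logs. The following Python sketch is an added example, not IPA's monitoring code; the log format (Linux netfilter LOG style), the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Linux netfilter LOG style (assumed format, not IPA data).
# All addresses are from the reserved documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=445
Jan 10 03:12:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4022 DPT=135
Jan 10 03:15:40 gw kernel: IN=eth0 SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=1093 DPT=445
Jan 10 03:15:41 gw kernel: IN=eth0 SRC=203.0.113.44 DST=192.0.2.11 PROTO=TCP SPT=1094 DPT=445
Jan 10 04:01:09 gw kernel: IN=eth0 SRC=203.0.113.90 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
Jan 10 04:01:10 gw kernel: IN=eth0 SRC=203.0.113.90 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jan 10 04:30:55 gw kernel: IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=UDP SPT=1030 DPT=1434
"""

WATCHED_PORTS = {135, 445}  # the two ports the report singles out
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return (src, proto, dport), or None if the line has no usable port."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys() or not fields["DPT"].isdigit():
        return None  # e.g. ICMP, or a truncated/garbled log line
    return fields["SRC"], fields["PROTO"], int(fields["DPT"])


def summarize(log_text):
    """Count accesses per (protocol, port) and collect sources probing 135/445."""
    per_port = Counter()
    watched_sources = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        src, proto, dport = record
        per_port[(proto, dport)] += 1
        if proto == "TCP" and dport in WATCHED_PORTS:
            watched_sources[src].add(dport)
    return per_port, dict(watched_sources)


if __name__ == "__main__":
    per_port, watched_sources = summarize(SAMPLE_LOG)
    for (proto, port), hits in per_port.most_common():
        print(f"{proto}/{port}: {hits} accesses")
    for src, ports in sorted(watched_sources.items()):
        print(f"{src} probed Windows ports {sorted(ports)}")
```

Internal addresses that appear in the watched-source list are the ones to check first, since a local machine probing ports 135 or 445 matches the report's description of an infected or hijacked computer.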
Be alert if your PC shows any of the following symptoms:
- The PC's start-up time has become abnormally slow, or its performance has been getting slower recently.
- The PC suddenly shuts down.
- An error message such as “insufficient memory” is displayed.
- The hard disk I/O light blinks while the PC is not in use.
- The display becomes distorted.
- An unknown file is created automatically, or a certain file goes missing.
- When Internet Explorer is started, an unknown page (written in English, etc.) is displayed.
- Pop-up spam appears frequently.
- An application you use daily does not start, or takes longer to start.
- Unknown icons have appeared on the desktop or task bar.
- Mail is being sent without your knowledge, and your correspondents complain that they received virus mail from you.
- You have been receiving many virus/spam mails recently.
Also, have you ever done any of the following?
- Opened an attachment to a suspicious mail by mistake.
- Downloaded an unreliable free tool or clicked a doubtful link.
If your PC shows any of the above symptoms, please run a virus check on
your PC immediately. If you do not use anti-virus software, you can
check for infection by using an online virus check service. Such
services are provided on the following anti-virus vendors' Web sites.
- Trendmicro On-Line Scan (in Japanese)
http://www.trendmicro.co.jp/hcall/scan.htm
- Symantec Security Check (in Japanese)
http://www.symantec.com/region/jp/securitycheck/index.htm
- McAfee Free Scan (in Japanese)
http://www.mcafeesecurity.com/japan/mcafee/home/freescan.asp
In addition, please run Windows Update as well.
- Windows Update (Microsoft)
http://windowsupdate.microsoft.com/