This is a summary of the Unauthorized Computer Access Report Status for the 1st Quarter (January – March) of 2005, aggregated by IPA.
The following are the current trends observed from the reporting status for the 1st Quarter of 2005:
- A number of indiscriminate attacks are targeting any kind of computer, including PCs for home users;
- Cases of damage in which a Web server is intruded into and falsified Web content is set up for phishing are increasing.
Please refer to the following sites and keep security countermeasures in mind, such as thorough computer security settings and daily operational management.
“Practical Information for Information Security Countermeasures for End User/Home User” (in Japanese)
http://www.ipa.go.jp/security/awareness/end-users/end-users.html
“Practical Information for Information Security Countermeasures for System Administrators” (in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
1. Reported Number
The number of reports for the 1st Quarter (January – March) of 2005 totaled 153, an increase of about 13% in the gross number of reports, while the ratio of actual damage almost doubled compared with the previous quarter.

* The percentages shown in the graph represent the ratio of actual damage to the gross number of reports.
2. Classified by Reported Cause
Of the reports made to IPA (153), “Access Probe (Attempt)”, that is, detection of an unauthorized access probe, counted 116 (previous quarter: 121), which constituted 75.8% of all reports.
In addition, reports of actual damage counted 32 (previous quarter: 15), which constituted 20.9% of all reports. Reports of actual damage here refers to the total of “Intrusion”, “Infection w/Worms”, “Mail Address Spoofing”, “Unauthorized Mail Relay”, “DoS” and “Others (Damaged)”.

| Cause | 1st Qtr. of 2004 | 2nd Qtr. of 2004 | 3rd Qtr. of 2004 | 4th Qtr. of 2004 | 1st Qtr. of 2005 |
|---|---|---|---|---|---|
| Intrusion | 11 (9.0%) | 7 (3.4%) | 14 (10.5%) | 11 (8.1%) | 18 (11.8%) |
| Access Probe (Attempt) | 100 (82.0%) | 184 (90.6%) | 110 (82.7%) | 121 (89.0%) | 116 (75.8%) |
| Infection w/Worms | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) |
| Worm Probe | 2 (1.6%) | 3 (1.5%) | 2 (1.5%) | 0 (0.0%) | 0 (0.0%) |
| Unauthorized Mail Relay | 3 (2.5%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 3 (2.0%) |
| Source Address Spoofing | 1 (0.8%) | 3 (1.5%) | 5 (3.8%) | 2 (1.5%) | 0 (0.0%) |
| DoS | 1 (0.8%) | 3 (1.5%) | 0 (0.0%) | 0 (0.0%) | 1 (0.7%) |
| Others (Damaged) | 4 (3.3%) | 3 (1.5%) | 2 (1.5%) | 2 (1.5%) | 10 (6.5%) |
| Others (Not Damaged) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 5 (3.3%) |
| Total | 122 | 203 | 133 | 136 | 153 |

Of the reports of actual damage (32), the breakdown of causes was: insufficient ID/password management with 8, use of an older version/patches not yet applied with 5, and insufficient installation with 3.

* Where multiple causes were included in a report, the principal cause was counted as 1 case per report.
Instances of Damage:
1. A vulnerability in the Web server software was exploited, or the Web server was penetrated because of insufficient password management, and fake Web content for phishing was set up.
2. The system was penetrated by a dictionary attack against the Web server management ID and its password, or by an attack exploiting an OS vulnerability; the administrator authentication password was altered or files were modified so that the server could be used as a stepping stone for attacks against outside systems.
3. Someone logged into individual home pages hosted by a service provider by impersonating the legitimate user, and the content/images used were altered or deleted.
4. Someone impersonated the legitimate user and used the ID and password for an auction site; the ID was deleted, feedback was tampered with, and mails were sent.
5. Because of insufficient settings of IIS (Internet Information Server), WebDAV functionality was exploited and Web content was altered.
6. The server was penetrated and the top pages of the Web content were altered because settings had been temporarily changed from the default to allow remote operation and had not yet been changed back.
7. Web server functionality was degraded by accesses presumed to be a DDoS attack.
8. After receiving an invitation mail for a certain service, the reporter decided to register by entering their own mail address and password on the Web. At a later date, they realized that the service was fictitious and that their personal information had been obtained fraudulently.
9. After a suspicious site was accessed, the start page of Internet Explorer was altered and could not be restored to the default setting, and the security software was halted.
10. The user accessed an adult site and immediately clicked “yes” in its prompt window to allow code to be downloaded; after that, malicious code was installed and/or billing screens for usage fees of never-visited sites were displayed.
4. Classification by Reporter
In the breakdown by reporter, individuals constituted about 81%, which remains a high ratio.
