This is a summary of the unauthorized computer access reports received by IPA from January to December 2005.

1. Reported Numbers

The number of unauthorized computer access reports for 2005 was 515, a 13% decrease compared with the number reported in 2004. The following graph shows the yearly number of reports accepted by the IPA Security Center over the past 9 years.

In 2005, the number of reports relating to intrusion (about 2.3 times higher than the previous year) and DoS (about 5.3 times higher than the previous year) increased significantly compared with 2004. In addition, the overall number of reports of actual damage increased drastically (about 2.4 times higher than the previous year).

*1) “Access Probe (Attempt)” means that attempts at unauthorized computer access were found in server/firewall logs.
*2) “Worm Probe” means that access by a worm was detected but no damage from infection occurred.

| Reported Type | 2005 | 2004 |
|---|---|---|
| Intrusion | 98 | 43 |
| Unauthorized Mail Relay | 8 | 3 |
| Worm Infection | 8 | 0 |
| DoS | 21 | 4 |
| Source Address Spoofing | 6 | 11 |
| Others (Damaged) | 35 | 11 |
| Access Probe (Attempt) | 325 | 515 |
| Worm Probe | 7 | 7 |
| Others (Not Damaged) | 7 | 0 |
| Total | 515 (176) | 594 (72) |

The following is a classification of damage contents, aggregated from the reports of actual damage. The number of damage contents increased drastically, to about 2.4 times higher than the previous year. Many of the damage reports involved modification of files (including program embedding) and alteration of home pages.

| Damage Contents | 2005 | 2004 |
|---|---|---|
| Unauthorized Mail Relay | 9 | 4 |
| Server Downing | 6 | 5 |
| Creation of Unauthorized Accounts | 4 | 1 |
| Alteration of Home Pages | 32 | 15 |
| Password Theft | 1 | 3 |
| Service Lowering | 16 | 3 |
| Opened Proxy | 1 | 2 |
| Modification of Files | 69 | 21 |
| Others | 68 | 31 |
| Total | 206 (*) | 85 (*) |

* Since a single report may contain multiple damage contents, the total of damage contents may not equal the number of reports.

4. Classification of Reporters

In the breakdown by classification of reporters, the ratio of reports from individuals decreased; however, it still accounts for a consistently large share, 73.0%. With the spread of constantly connected environments such as ADSL and fiber-optic networks among individual/SOHO users, it can be assumed that corporations and individuals alike are subjected to attack indiscriminately.

5. Damage Cause

The reports of actual damage were classified by the following causes: insufficient ID/password management/setups with 42 (23.9%), use of older versions/patches not installed with 28 (15.9%), and insufficient setups with 14 (8.0%). Other than these, there were unidentified causes with 60 (4.1%); it seems that identifying specific causes is becoming difficult as the methods of unauthorized computer access grow more sophisticated.

| Damage Causes | 2005 | 2004 |
|---|---|---|
| Insufficient ID/Password Management / Setups | 42 | 9 |
| Use of Older Version/Patches are not Installed | 28 | 11 |
| Insufficient Setups | 14 | 9 |
| Unidentified | 60 | 25 |
| Others (DoS, etc.) | 32 | 18 |
| Total | 176 | 72 |

6. Information of Countermeasures

Among the notable damage in 2005 were cases in which vulnerabilities in Web applications were exploited by SQL Injection, etc. However, there were also a number of cases in which the damage could have been prevented if fundamental security measures had been in place. We encourage you to go back to the basics: system administrators should confirm the following items and be sure to carry out countermeasures thoroughly.

- Strict ID/password management/setups;
- Resolve security holes (including operational preventive measures if application of patches is unavailable);
- Set up routers/firewalls and/or access controls.

In addition, please pay attention to the following items if you are an individual user.

- Upgrade your OSs and applications utilizing Windows Update and/or Office Update, etc.;
- Adequate password setups/management (make it complex, change it regularly, do not tell it to a third person easily, etc.);
- Confirm security setups for wireless LAN and/or shared PCs.

For System Administrators

“Benchmark for Information Security Countermeasures” (in Japanese)
http://www.ipa.go.jp/security/benchmark/
“Practical Information Security Countermeasures, Pages for System Administrators” (in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
“Practical Information Security Countermeasures, Pages for SOHO (small site) Users” (in Japanese)
http://www.ipa.go.jp/security/awareness/soho/soho.html
“Self-Check Sheet for Security Countermeasures” (in Japanese)
http://www.ipa.go.jp/security/ciadr/checksheet.html
“Checking Points for Anti-Vulnerability Measures” (in Japanese)
http://www.ipa.go.jp/security/vuln/20050623_websecurity.html
“Cautionary Items relevant to Operation of e-Commercial Transaction for Consumers” (in Japanese)
http://www.ipa.go.jp/security/vuln/20050304_ec_security.html
“Preventive Measures for Unauthorized Computer Access” (in Japanese)
http://www.ipa.go.jp/security/ciadr/cm01.html
“Vulnerability Information from the Other Organizations” (in Japanese)
http://www.ipa.go.jp/security/news/news.html

For End Users/SOHO (Home) Users

“Practical Information for Information Security Countermeasures, Pages for End Users/SOHO (Home) Users” (in Japanese)
http://www.ipa.go.jp/security/awareness/end-users/end-users.html
“Mandate Security Measures to Protect Your Computer” (Microsoft)
http://www.microsoft.com/japan/athome/security/protect/default.aspx