|
This is a summary
of unauthorized computer access for the 1st Quarter (January to
March) of 2007.
This is the summary reports
of the unauthorized computer access for the 1 st Quarter (January
– March) of 2007 compiled by IPA.
From the viewpoints of the
reports filed by IPA for the 1 st Quarter of 2007, following issues
can be discussed as the current tendencies:
- Number of attacks
to the ports used by SSH.
- Most of damages
are alteration of files, exploiting as a steppingstone server for
attacks to the other servers by penetrating to the server that has
vulnerability in software.
- Number of damages
is caused by the servers being embedded bot to attack the other
servers as a steppingstone server.
- Number of damages
caused by the misuse of member-only services such as online games,
auctions, blogs, etc. by the malicious person who illegally logged
in spoofed to be a legitimate user.
Should you always maintain
thorough computer security configuration and the security measures
as the daily operational management by referring to the following
sites.
Practical Information
for Information Security Measures for End User/Home User
(in Japanese)
http://www.ipa.go.jp/security/awareness/end-users/end-users.html
Practical Information
for Information Security Measures for System Administrators
(in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
1. Reported Number
The total reported
number for the 1 st Quarter 2007 (January – March) was 68
which resulted almost 20% larger than the previous quarter. In
addition, the number for actually damaged was resulted almost
40% larger than the previous quarter as well.
Note) Numbers in the
parenthesis are the case numbers actually damaged .
2. Type of Reports
Of the 68 reports filed
by IPA, the most remarkable type of reports was for “Access
Attempts (Probe)” , the development of fraudulent access
attempts, with 21 reports which constituted
30.9% against the entire reports. In addition, the reports for
actually damaged was 45 reports (previous quarter: 32 reports)
which constituted 66.2% against the entire reports. The reports
for actual damage was the total of “Intrusion”, “Infection
w/Worm”, “Source Address Spoofing”, “Unauthorized Mail
Relay”, “DoS” and “Others (Damaged)”.
|
|
1st
Qtr. 2006 |
2nd
Qtr. 2006 |
3rd
Qtr. 2006 |
4th
Qtr. 2006 |
1st Qtr. 2007 |
Intrusion
|
26
|
22.8%
|
21
|
42.0%
|
29
|
26.1%
|
18
|
32.1%
|
9
|
13.2%
|
Unauthorized
Mail Relay |
0
|
0.0%
|
0
|
0.0%
|
0
|
0.0%
|
1
|
1.8%
|
0
|
0.0%
|
Infection
w/Worm |
0
|
0.0%
|
4
|
8.0%
|
11
|
9.9%
|
1
|
1.8%
|
0
|
0.0%
|
DoS
|
2
|
1.8%
|
3
|
6.0%
|
4
|
3.6%
|
3
|
5.4%
|
2
|
2.9%
|
Mailing
Address Spoofing |
1
|
0.9%
|
1
|
2.0%
|
3
|
2.7%
|
2
|
3.6%
|
5
|
7.4%
|
Others
(Damaged) |
9
|
7.9%
|
4
|
8.0%
|
12
|
10.8%
|
7
|
12.5%
|
29
|
42.6%
|
Access
Probe (Attempt) |
71
|
62.3%
|
15
|
30.0%
|
50
|
45.0%
|
23
|
41.1%
|
21
|
30.9%
|
Worm
Probe |
4
|
3.5%
|
0
|
0.0%
|
0
|
0.0%
|
1
|
1.8%
|
0
|
0.0%
|
Others
(Not Damaged) |
1
|
0.9%
|
2
|
4.0%
|
2
|
1.8%
|
0
|
0.0%
|
2
|
2.9%
|
Total
|
114
|
50
|
111
|
56
|
68
|
Note) The
type of reports shaded are the type of reports actually
damaged . Since the %s above are all rounded at the 2
nd decimal points so that the total may not be 100% sharp.
3. Damage Cause
Of 45 reports actually
damaged, the breakdown of cause includes insufficient
ID/password management with 5 , use of older
version of patches/patches are not yet installed with 4 ,
etc.
Note: The report that has
multiple damage causes is aggregated as 1 case with its major cause/report.
4. Classification by
Filers
As for the breakdown of classification
of filers, “Individual User” takes over about 46%
in which constitutes continually highest ratio.
Note) Since
the ratio in numbers are rounded at the 1 st decimal points, the
total may not make 100% sharp, accordingly.
|
Japanese