This is the summary of unauthorized
computer access report for the first-half of 2007
(January – June)
compiled by IPA (Information-technology Promotion Agency).
As for the current trend
in accordance to the reporting status for the first-half of 2007,
it is realized that;
- there are number of attacks
exploiting vulnerability residing in applications,
- there are number of attacks
to the ports used by SSH.
Accordingly, you are to ensure
the configuration of your computer and to conduct
certain security measures
as part of daily operational management by referring
following sites.
- On-line
Secured Programming Session for Web Applications
http://www.ipa.go.jp/security/awareness/vendor/programmingv2/
(in Japanese)
- Practical
Information for Information Security Measures for System Administrators
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
(in Japanese)
1. Reported Number
The gross reported
number for the first-half of 2007 (January to June) is 143 ;
though the gross reported
number is about 14% decreased compared with the one in the
previous period, but
the reported number for the damage ratio is about 16% increased.
Note)
The numbers in parenthesis above represent the number
actually damaged .
Of 143 reports filed by
IPA, the reports relevant to “access probe (attempt)”,
the
detection of
attempts of unauthorized access probe is 34 (previous: 73)
which
constitute the largest
number, 23.8%, against entire type of reports. In addition, the
reports for actually
damaged are 106 (previous: 91) which constitute 74.1%. The type
of reports for actually
damaged include “intrusion”, “infection w/worm”, “source
address
spoofing”, “unauthorized
mail relay”, “DoS” and “others (damaged)”.
|
Cause |
First-half 2005 |
Last-half 2005 |
First-half 2006 |
Last-half
2006 |
First-half 2007 |
| Intrusion
|
46
|
14.4%
|
52
|
26.5%
|
47
|
28.7%
|
47
|
28.1%
|
27
|
18.9%
|
| Unauthorized
Mail Relay |
5
|
1.6%
|
3
|
1.5%
|
0
|
0.0%
|
1
|
0.6%
|
2
|
1.4%
|
| Infection
w/Worm |
3
|
0.9%
|
5
|
2.6%
|
4
|
2.4%
|
12
|
7.2%
|
0
|
0.0%
|
| DoS
|
14
|
4.4%
|
7
|
3.6%
|
5
|
3.0%
|
7
|
4.2%
|
2
|
1.4%
|
| Source
Address Spoofing |
2
|
0.6%
|
4
|
2.0%
|
2
|
1.2%
|
5
|
3.0%
|
10
|
7.0%
|
| Others
(Damaged) |
19
|
6.0%
|
16
|
8.2%
|
13
|
7.9%
|
19
|
11.4%
|
65
|
45.5%
|
| Access
Probe (Attempt) |
223
|
69.6%
|
102
|
52.0%
|
86
|
52.4%
|
73
|
43.7%
|
34
|
23.8%
|
| Worm
Probe |
2
|
0.6%
|
5
|
2.6%
|
4
|
2.4%
|
1
|
0.6%
|
0
|
0.0%
|
| Others
(Not Damaged) |
5
|
1.6%
|
2
|
1.0%
|
3
|
1.8%
|
2
|
1.2%
|
3
|
2.1%
|
| Total
|
319
|
|
196
|
|
164
|
|
167 |
|
143
|
|
Note) The yellowed
type of reports above indicate the type of reports actually
damaged.
The
%s are rounded at the 2 nd place of arithmetic point so that the
total may
not make 100% sharp.
Of 106 reports for actually
damaged, the major cause include insufficient ID/password
management with 10 , use of older version/patch
is not applied with 16 , etc.
* Those reports
that have multiple damage cause are aggregated as 1 case/report
under
its main cause.
4. Classified
by Reporter
The major reporters are from
education/research institution with 57 (about 40%)
which tend to increase.
|
Japanese