This is a summary of the unauthorized computer access reports received
from January to December 2007, as aggregated by IPA.
1. Reported Numbers
The number of unauthorized computer access reports for 2007 was 218,
a decrease of about 34% compared with 2006. For reference, the following
graph shows the change in the number of reports accepted by IPA over the
last 10 years.

Although the number of reports in 2007 decreased significantly from 2006,
the number of reports involving actual damage was almost the same. It seems
that reporters refrained from reporting incidents that did not cause
actual damage.

*1) “Access Probe (Attempt)” refers to cases where certain traces of
unauthorized access were recognized in server logs, firewall logs, or both.

| Type of Reports | 2007 | 2006 |
|---|---|---|
| Intrusion | 54 | 94 |
| Unauthorized Mail Relay | 2 | 1 |
| Infection w/Worm | 0 | 16 |
| DoS (Denial of Service) | 5 | 12 |
| Source Address Spoofing | 15 | 7 |
| Others (Damaged) | 86 | 32 |
| Access Probe (Attempt) | 51 | 159 |
| Worm Probe | 0 | 5 |
| Others (Not Damaged) | 5 | 5 |
| Total | 218 (162) | 331 (162) |

* The shaded report types and the numbers in parentheses indicate the
reports that involved actual damage.
The following graph shows the damage contents of the reports that involved
actual damage. The number of actual damage cases increased slightly, by
about 3%, over the previous year. The major damage reported was alteration
of files (incl. embedding of malicious code) and alteration of homepages.
The contents of “Others (damaged)” included “spoofed as a legitimate user
of online services”, “exploited as a stepping-stone server to attack
outside servers”, etc.

| Damage Contents | 2007 | 2006 |
|---|---|---|
| Unauthorized Mail Relay | 2 | 2 |
| Server Down | 2 | 0 |
| Creation of Unauthorized Accounts | 1 | 1 |
| Alteration of Homepages | 18 | 34 |
| Theft of Password Files | 0 | 0 |
| Service Lowering | 6 | 0 |
| Open Proxy | 0 | 16 |
| Alteration of Files | 93 | 92 |
| Others | 115 | 84 |
| Total | 237 (*) | 229 (*) |

* Since a single actual-damage report may involve multiple damage causes,
this total does not match the total number of actual-damage reports.
4. Type of Reporter
As for the breakdown of reporters, the ratio of reports from individuals
continued to decrease, as in the previous year, and the reports are now
evenly spread in ratio across the major types of reporters.

5. Damage Cause
Among the reports involving actual damage, the causes were insufficient
ID/password management with 27 (17%), use of older versions/patches not yet
applied with 23 (14%), and insufficient configuration with 6 (4%). Unknown
causes, with 80 (49%), increased significantly: it can easily be assumed
that the methods of unauthorized computer access are becoming more
sophisticated and that their causes are becoming harder to identify.

| Damage Cause | 2007 | 2006 |
|---|---|---|
| Insufficient ID/Password Management | 27 | 46 |
| Use of Older Version/Patches not yet Applied | 23 | 31 |
| Insufficient Configuration | 6 | 6 |
| Unknown | 80 | 57 |
| Others (DoS, etc.) | 26 | 22 |
| Total | 162 | 162 |

6. Information on Countermeasures
The notable damage causes in 2007 were intrusions through attacks on the
ports used by SSH (the major cause being insufficient ID/password
configuration), damage from exploitation of vulnerabilities in OSs and/or
Web applications, etc. However, such damage is easily preventable if the
respective users implement fundamental security measures. Accordingly,
system administrators should first check the following items when
implementing comprehensive measures.
- Strict management and/or configuration of IDs/passwords
- Resolve security holes (incl. operational preventive measures if patch
  application is not available)
- Router/firewall configuration and establishment of access control
- Frequent log checks
For individual users, the following actions are effective for your
security.
- Update the OS and application software, e.g. with Windows Update or
  Office Update
- Password configuration/management (use a complex password, change your
  password regularly, do not tell your password to a third person, etc.)
- Be aware of the security configuration of wireless LAN and/or PC sharing
- Activate a router/personal firewall
Be sure to refer to the following information for further security as well.

For System Administrators:
“Enlightenment materials relevant to information security” (in Japanese)
http://www.ipa.go.jp/security/fy18/reports/contents/
“Checking points on vulnerability measures” (in Japanese)
http://www.ipa.go.jp/security/vuln/20050623_websecurity.html
“How to establish secured website rev. ver. 2” (in Japanese)
http://www.ipa.go.jp/security/vuln/websecurity.html
“Benchmark for information security measures”
http://www.ipa.go.jp/security/english/benchmark_system.html
“JVN (Japan Vulnerability Notes)” (in Japanese) *the portal site for vulnerability measures information
http://www.ipa.go.jp/security/news/news.html

For End Users:
“IPA Security Center - Pages for individual users” (in Japanese)
http://www.ipa.go.jp/security/personal/
“The minimum security measures to protect your computer” (Microsoft)
http://www.microsoft.com/japan/athome/security/protect/default.aspx