HOME >> IT Security >> information
Reports for Unauthorized Computer Access for the First-half (January – June 2008)
July 16, 2008
IT Security Center
Information-technology Promotion Agency, Japan (IPA)
IPA summarized for the reports relevant to unauthorized computer access filed by users for the first-half (January – June) 2008.
According to the reporting status for the first-half 2008, following tendencies are observed:
- There are number of cases of information theft and/or data alteration intruded by the attack which exploits vulnerability in web application.
- There are number of cases that the ports used by SSH were intruded and exploited as a steppingstone server to attack to the other sites by malicious intents.
Accordingly, it is necessary to conduct continual security measures such as configuration of sufficient security, operational management, etc. by referring following URLs.
-
Secured Programming Course (in Japanese):
http://www.ipa.go.jp/security/awareness/vendor/programmingv2/ - Practical Information for Information Security Measures for System
Administrators (in Japanese):
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
1. Reported Number
The reported number for the first-half (January – June) 2008 was 62: decreased about 17% from the previous half and the ratio actually damaged was also decreased about 13%.
Note) The numbers in the parenthesis indicate the number actually damaged.
2. Type of Unauthorized Computer Access
The gross reported number filed with IPA was 62: of 49, the number of reports for actually damaged, was about 79% (previous half: 56). The reports actually damaged include “Intrusion”, “Infection w/Worm”, “Source Address Spoofing”, “Unauthorized Mail Relay”, “DoS” and “”Others (Damaged)”.
| First-half ‘06 | Last-half ‘06 | First-half ‘07 | Last-half ‘07 | First-half ‘08 | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Intrusion | 47 | 28.2% | 47 | 28.1% | 27 | 18.9% | 27 | 36.0% | 23 | 37.1% |
| Unauthorized Mail Relay | 0 | 0.0% | 1 | 0.6% | 2 | 1.4% | 0 | 0.0% | 0 | 0.0% |
| Infection w/Worm | 4 | 2.4% | 12 | 7.2% | 0 | 0.0% | 0 | 0.0% | 0 | 0.0% |
| DoS | 5 | 3.0% | 7 | 4.2% | 2 | 1.4% | 3 | 4.0% | 6 | 9.7% |
| Mailing Address Spoofing | 2 | 1.2% | 5 | 3.0% | 10 | 7.0% | 5 | 6.7% | 4 | 6.5% |
| Others (Damaged) | 13 | 7.9% | 19 | 11.4% | 65 | 45.5% | 21 | 28.0% | 16 | 25.8% |
| Access Probe (Attempt) | 86 | 52.4% | 73 | 43.7% | 34 | 23.8% | 17 | 22.7% | 5 | 8.1% |
| Worm Probe | 4 | 2.4% | 1 | 0.6% | 0 | 0.0% | 0 | 0.0% | 0 | 0.0% |
| Others (Not Damaged) | 3 | 1.8% | 2 | 1.2% | 3 | 2.1% | 2 | 2.7% | 8 | 12.9% |
| Total | 164 | 167 | 143 | 75 | 62 | |||||
Note: types of damages yellowed are the reports actually damaged. Since ratios are rounded at the second places of arithmetic points so that the total may not make 100% sharp, accordingly.
3. Damage Cause
The reports actually damaged was 49: insufficient ID/password management with 17, use of older version of patches/patches have not yet been applied with 5, insufficient configuration with 2, etc. were the major causes of damage.
Note: The reports which carry several damage causes are counted as 1 case under the major cause.
4. Classification of Reporters
The largest number was from individual users with 31 which taken over about 50% against the other 2 types of reporters.
Contact
IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail: 