January 21, 2009
IT Security Center
Information-technology Promotion Agency, Japan (IPA)
This report, compiled by IPA, covers unauthorized computer access reported from January to December 2008.
The number of reports of unauthorized computer access in 2008 was 155, a decrease of 63 (about 29%) from 218 in 2007. The following graph shows the change in the number of reports filed with the IPA Security Center over the past 10 years. The number has tended to decrease over the most recent 5 years.
Compared with 2007, both the total number of reports and the number of reports involving actual damage decreased in 2008.
The following are the reports classified by actual damage. The number of damage items decreased by 81 (about 34%) compared with 2007. The major types of damage reported to IPA were: alteration of files (including embedding of programs), degradation of service, and alteration of homepages. Within "Others", the major types of damage were "spoofing of a legitimate user in online services", "exploitation as a stepping stone to attack other site(s)", etc.
About 50% of the reports came from individual reporters.
The actual damage can be classified by the following causes: insufficient ID/password management/configuration with 35 (29%), use of older versions/unapplied patches with 16 (13%), insufficient configuration with 4 (3%), etc. In addition, the cause could not be identified for 39 (33%), accounting for about 30% of the whole. This suggests that, as the methods of unauthorized computer access became more sophisticated, the proportion of instances whose cause cannot be identified increased.
The notable aspects of 2008 were as follows: intrusions through attacks on the port used by SSH, whose major cause is insufficient ID/password management; fraudulent access to online services by spoofing a legitimate user; and exploitation of vulnerability(ies) in web applications. This tendency has persisted over the past several years. Most of the damage listed here could have been prevented if fundamental security measures had been adequately implemented. Accordingly, system administrators should review the following items and implement comprehensive countermeasures.
- Strict ID/password management/configuration
- Applying patches for security holes (including operational preventive measures when patches cannot be applied)
- Router/firewall configuration and access control configuration
- Frequent log checks
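As an illustration of the log check recommended above for the SSH password-guessing intrusions this report describes, the following Python example (added here, not part of the IPA report) reviews sshd log lines for sources with repeated failed logins and flags accounts that logged in successfully afterwards. It assumes OpenSSH's syslog message format; the log lines, host name, accounts and threshold are constructed for the example.

```python
import re
from collections import defaultdict

# OpenSSH sshd syslog messages for password authentication results.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Dec  1 03:10:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40110 ssh2
Dec  1 03:10:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Dec  1 03:10:05 host sshd[2105]: Failed password for root from 203.0.113.5 port 40114 ssh2
Dec  1 03:10:07 host sshd[2107]: Failed password for webmaster from 203.0.113.5 port 40116 ssh2
Dec  1 03:10:09 host sshd[2109]: Accepted password for webmaster from 203.0.113.5 port 40118 ssh2
Dec  1 09:00:12 host sshd[3001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Dec  1 09:00:20 host sshd[3002]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

def review_ssh_log(text, threshold=3):
    """Return {ip: finding} for sources with at least `threshold` failed logins."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    compromised = defaultdict(list)
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        elif failures[ip] >= threshold:
            # Success after a guessing run: treat the account as taken over.
            compromised[ip].append(user)
    return {
        ip: {"failures": n, "users_tried": sorted(users_tried[ip]),
             "compromised": compromised[ip]}
        for ip, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for ip, finding in review_ssh_log(SAMPLE_LOG).items():
        print(ip, finding)
```

A single mistyped password followed by a success, as with the second source in the sample, stays below the threshold and is not reported.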
Individual users should be sure to check the following items.
- Update your OS and application software using Windows Update, Office Update, etc.
- Password configuration/management (use complex passwords, change them routinely, do not tell them to other people)
- Make use of your router and personal firewall
- Check the encryption configuration of your wireless LAN (use WPA2 wherever possible, rather than WEP)
Please also refer to the following URLs for your further security:
Information-Technology Promotion Agency, Security Center
Kagaya/Hanamura/Ooura
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518