Following are the damage contents for actual damages reported: decreased 49 or about 31% from previous year.  In addition, “Alteration of homepages” was increased, but “Service lowering” and “Alteration of files”, instead.

Almost of the half of the reports were filed by individual users.

Upon analyzing the damage cause actually reported, Insufficient ID/Password Management/Configuration with 11 (12%), Use of Older Version of Patches/Never installed patches with 16 (17%), Insufficient Configuration with 6 (6%) are involved.  In addition, those for which causes have not yet been identified are exceeded more than the half of the entire damage causes: it can easily foresee that hardly identifiable damage causes will be increased as the methods for unauthorized computer access is further sophisticated.

Because of insufficient ID/password management, server was turned to be a steppingstone to attack to the other site (s)/webpage was altered by malicious intent who covertly intruded to the subjected servers, monetary damage relevant to on-line service used by someone spoofed to be the legitimate user who actually signed up with were the peculiar damages in 2009.  It is remarkable that, of the most of the causes relevant to spoofing have not yet been identified.  In another words, most of the damages other than “spoofing” may have been preventable if user conducts adequate security measures routinely.  Accordingly, be sure that system administrators should conduct/review following measures thoroughly.

- Strict ID/password management/configuration

- Resolving of security holes (operational preventive measures is included if applying patches is not available)

- Router/firewall configuration/access restriction

- Frequent log check

Individual users should be cautious/review with the following items when you use your computer.

- Be sure to update your OSs and applications via Windows Update, Office Update, etc.

- Password configuration/management (to make your password be complex, change it regularly and do not tell it to anyone with ease, etc.)

- Leveraging of router/firewall

- Check your configuration relevant to radio LAN if it is encrypted (use WPA2 as possible as you can as WEP does not provide sufficient security)

Please also refer to the following URLs.

<For system administrators>

• “Enlightenment materials for information security” (in Japanese)
  http://www.ipa.go.jp/security/fy18/reports/contents/
• “The check point for vulnerability measures” (in Japanese)
  http://www.ipa.go.jp/security/vuln/20050623_websecurity.html
• “The way how to create secured website – revised ver.3” (in Japanese)
  http://ipa.go.jp/security/vuln/websecurity.html
• “JVN (Japan Vulnerability Notes)”
  http://jvn.jp/en/
• “Security Alert for SQL injection attack” (in Japanese)
  http://www.ipa.go.jp/security/vuln/documents/2008/200805_SQLinjection.html
• “Security Alert for the known vulnerability in DNS server used by website” (in Japanese)
  http://www.ipa.go.jp/security/vuln/documents/2009/200912_dns.html
• “Security Alert for those websites in where older version of software products are used” (in Japanese)
  http://www.ipa.go.jp/security/vuln/documents/2009/200903_update.html

<For end users/home users>

• “Pages for individual users – IPA Security Center” (in Japanese)
  http://www.ipa.go.jp/security/personal/
  

• “Microsoft Security At Home” (Microsoft)
  http://www.microsoft.com/nz/protect/default.mspx

• “MyJVN (Security configuration checker, version checker) (in Japanese) http://jvndb.jvn.jp/apis/myjvn/
  

Information-Technology Promotion Agency, Security Center
Kagaya/Hanamura/Ooura
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail: