IPA : IPA/ISEC Unauthorized Access Incident Report 1st Quarter (January

Unauthorized Computer Access Report for the 1st Quarter of 2010

April 20, 2010

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report on unauthorized computer access for the first quarter of 2010 (from January to March), compiled by Information-technology Promotion Agency, Japan (IPA).

According to the reports filed to IPA in the first quarter of 2010, the latest trend consisted mainly of:

A members-only site being logged on and used by a hacker impersonating a legitimate user
A Website being defaced by Gumblar
A server being penetrated by a hacker exploiting software vulnerability or carrying out password cracking attack; its files being altered or malicious code being embedded; and the server being used as a stepping stone for attacking other servers

By referring to the following sites, be sure to make appropriate security settings on your computer and to implement operational and management security measures on an ongoing basis.

IPA Security Center – Information for individual users (in Japanese)
http://www.ipa.go.jp/security/personal/
Information security educational materials (in Japanese)
http://www.ipa.go.jp/security/fy18/reports/contents/

1. Number of Cases Reported

The number of cases reported in the first quarter of 2010 (from January to March) was 66, up 25 cases, or 161 percent, from the previous quarter. The number of cases involving actual damages was up 16 cases, or 162 percent, from the previous quarter.

Note) The number in parenthesis shows the actual damage.

2.Breakdown by Type

The number of cases reported to IPA in the first quarter of 2010 was 66 (41 in the previous quarter). Among them, 42 cases (26 cases in the previous quarter) involved actual damages, accounting for 64 percent of all the cases reported. Actual damages in this context are caused by: "intrusion", "unauthorized mail relay", "Worm infection", "DoS", "spoofed address", "spoofing", "malicious code embedded" and other factors, and the number of cases involving actual damages is calculated by summing up each factor’s number of cases.

	1st Qtr,'09		2nd Qtr,'09		3rd Qtr,'09		4th Qtr,'09		1st Qtr,'10
Intrusion	8	20.5 %	8	33.3 %	10	22.2 %	10	24.4 %	25	37.9 %
Unauthorized Mail Relay	0	0.0 %	1	4.2 %	0	0.0 %	1	2.4 %	0	0.0 %
Worm Infection	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %
DoS	2	5.1 %	2	8.3 %	0	0.0 %	1	2.4 %	2	3.0 %
Spoofed address	1	2.6 %	0	0.0 %	1	2.2 %	0	0.0 %	1	1.5 %
Spoofing	3	7.7 %	4	16.7 %	12	26.7 %	13	31.7 %	11	16.7 %
Malicous code embedded	10	25.6 %	2	8.3 %	0	0.0 %	0	0.0 %	2	3.0 %
Other factors (with damage)	2	5.1 %	1	4.2 %	3	6.7 %	1	2.4 %	1	1.5 %
Evidence of access (failed attempt)	13	33.3 %	6	25.0 %	19	42.2 %	14	34.1 %	20	30.3 %
Evidence of Worm	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %	0	0.0 %
Others (Not Damaged)	0	0.0 %	3	0.0 %	0	0.0 %	1	2.4 %	4	6.1 %
Total	39		24		45		41		66

Note: shaded regions indicate the causes involving actual damages. All the ratios shown in the Table above are rounded to one decimal place, so they may not add up to 100 percent.

3. Cause of Damage

Of the 42 cases involving actual damages, 4 cases were caused by "Poor ID & password management", 3 cases by "Older version used/patch not applied" and 2 cases by "Setting error".

Note: If the reported damage was caused by multiple factors, one major factor is selected as representative and the count for the selected factor is incremented by 1.

4. Report Submitter

Breakdown of the report submitters are as follows:

Note:All the ratios shown in the Figure above are rounded to one decimal place, so they may not add up to 100 percent.

Inquiries to:

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Kagaya/Hanamura/Ooura
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail:

Top Page