IPA : IPA/ISEC Unauthorized Access Incident Report 1st-Half (from January to June 2011)

Unauthorized Computer Access Report for the 1st Half of 2011

July 15, 2011

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report on unauthorized computer access for the first half of 2011 (from January to June), compiled by Information-technology Promotion Agency, Japan (IPA).

According to the reports filed to IPA in the first half of 2011, the latest trend mainly consisted of:

A members-only site being logged on and used by a hacker impersonating a legitimate user
A server being hacked into by a hacker exploiting software vulnerability or carrying out password cracking attack; its files being altered or malicious code being embedded; and the server being used as a stepping stone for attacking other servers

By referring to the following sites, be sure to make appropriate security settings on your computer and to implement operational and management security measures on an ongoing basis.

IT Security Center, IPA – Information for individual users (in Japanese)
http://www.ipa.go.jp/security/personal/
IT Security Center, IPA – Countermeasures against Unauthorized Access (in Japanese)
http://www.ipa.go.jp/security/fusei/ciadr.html

1. Number of Cases Reported

The number of cases reported in the first half of 2011 (from January to June) was 49, which is about 51 percent of the level of the second half of 2010, decreasing 48 cases from the previous half-year period. The number of cases involving actual damages fell to 70 percent of the second half of 2010, decreasing 16 cases from the previous half-year period.

Note: The number in parenthesis indicates the number of the cases involving actual damages.

2.Breakdown by Type

The number of cases reported to IPA in the first half of 2011 was 49 (97 in the second half of 2010). Among them, 37 cases (53 cases in the second half of 2010) involved actual damages, accounting for 75 percent of all the cases reported. Actual damages in this context are caused by: "intrusion", "unauthorized mail relay", "Worm infection", "DoS", "spoofed address", "spoofing", "malicious code embedded" and "other factors (with damage)" and the number of cases involving actual damages is calculated by summing up each factor’s number of cases.

	The 1st half of 2009		The 2nd half of 2009		The 1st half of 2010		The 2nd half of 2010		The 1st half of 2011
Intrusion	16	25.4%	20	23.3%	36	36.0%	31	32.0%	16	32.7%
Unauthorized Mail Relay	1	1.6%	1	1.2%	0	0.0%	0	0.0%	1	2.0%
Worm Infection	0	0.0%	0	0.0%	0	0.0%	0	0.0%	0	0.0%
DoS	4	6.3%	1	1.2%	2	2.0%	5	5.2%	2	4.1%
Spoofed address	1	1.6%	1	1.2%	1	1.0%	2	2.1%	0	0.0%
Spoofing	7	11.1%	25	29.1%	24	24.0%	11	11.3%	16	32.7%
Malicious code embedded	12	19.0%	0	0.0%	3	3.0%	3	3.1%	2	4.1%
Other factors (with damage)	3	4.8%	4	4.7%	4	4.0%	1	1.0%	0	0.0%
Evidence of access (failed attempt)	19	30.2%	33	38.4%	26	26.0%	42	43.3%	12	24.5%
Evidence of Worm	0	0.0%	0	0.0%	0	0.0%	0	0.0%	0	0.0%
Others (Not Damaged)	0	0.0%	1	1.2%	4	4.0%	2	2.1%	0	0.0%
Total	63		86		100		97		49

Note: shaded regions indicate the cases involving actual damages. All the ratios shown in the table above are rounded to one decimal place, so they may not add up to 100 percent.

3. Cause of Damage

Of the 37 cases involving actual damages, 9 cases were caused by "Poor ID & password management", 5 cases by "Older version used/patch not applied" and 5 cases by "Inappropriate setting".

Note: If the reported damage was caused by multiple factors, one major factor is selected as representative and the count for the selected factor is incremented by 1.

4. Report Submitter

Breakdown of the report submitters are as follows:

Note:All the ratios shown in the Figure above are rounded to one decimal place, so they may not add up to 100 percent.

Inquiries to:

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Tel:+81-3-5978-7591
Fax:+81-3-5978-7518
E-mail:

Top Page