IPA : IPA/ISEC Unauthorized Access Incident Report 3rd-quarter (from July to September 2011)

Unauthorized Computer Access Report for the 3rd Quarter of 2011

October 14, 2011

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report on unauthorized computer access for the third quarter of 2011 (from July to September), compiled by Information-technology Promotion Agency, Japan (IPA).

According to the reports filed to IPA in the third quarter of 2011, the latest trend consisted mainly of:

A members-only site being logged on and used by a hacker impersonating a legitimate user
A server being penetrated by a hacker exploiting software vulnerability or carrying out password cracking attack; malicious code being embedded and the server being used as a stepping stone for attacking other servers
Personally identifiable information and credit-card information in a database being stolen through SQL injection attack

By referring to the following sites, be sure to make appropriate security settings on your computer and to implement operational and management security measures on an ongoing basis.

IPA Security Center – Information for individual users (in Japanese)
http://www.ipa.go.jp/security/personal/
Information security educational materials (in Japanese)
http://www.ipa.go.jp/security/fy18/reports/contents/

1. Number of Cases Reported

The number of cases reported in the third quarter of 2011 (from July to September) was 25 (about 74 percent of the previous quarter's level). The number of cases involving actual damages was up 18 cases (about 64 percent of the previous quarter's level).

Note) The number in parenthesis is that of the cases involving actual damages.

2.Breakdown by Type

The number of cases reported to IPA in the third quarter of 2011 was 25 (34 in the previous quarter). Among them, 18 cases (28 cases in the previous quarter) involved actual damages, accounting for 72 percent of all the cases reported. Actual damages in this context are caused by: "intrusion", "unauthorized mail relay", "Worm infection", "DoS", "spoofed address", "spoofing", "malicious code embedded" and other factors, and the number of cases involving actual damages is calculated by summing up each factor’s number of cases.

	3rd Qtr.2010		4th Qtr.2010		1st Qtr.2011		2nd Qtr.2011		3rd Qtr.2011
Intrusion	17	36.9%	14	28.0%	3	10.7%	11	32.4%	13	52.0%
Unauthorized Mail Relay	0	0.0%	0	0.0%	0	0.0%	0	0.0%	0	0.0%
Worm Infection	0	0.0%	0	0.0%	0	0.0%	0	0.0%	0	0.0%
DoS	3	6.4%	0	0.0%	1	3.6%	0	0.0%	1	4.0%
Spoofed address	1	2.1%	2	4.0%	0	0.0%	0	0.0%	0	0.0%
Spoofing	7	14.9%	4	8.0%	12	42.9%	13	38.2%	4	16.0%
Malicious code embedded	2	4.3%	1	2.0%	1	3.6%	1	2.9%	0	0.0%
Other factors (with damage)	1	2.1%	0	0.0%	0	0.0%	3	8.8%	0	0.0%
Evidence of access (failed attempt)	14	29.8%	28	56.0%	11	39.3%	6	17.6%	2	8.0%
Evidence of Worm	0	0.0%	0	0.0%	0	0.0%	0	0.0%	0	0.0%
Others (Not Damaged)	2	4.3%	0	0.0%	0	0.0%	0	0.0%	5	20.0%
Total	47		50		28		34		25

Note: shaded regions indicate the causes involving actual damages. All the ratios shown in the Table above are rounded to one decimal place, so they may not add up to 100 percent.

3. Cause of Damage

Of the 18 cases involving actual damages, 2 cases were caused by "Poor ID & password management", 2 cases by "Older version used/patch not applied" and 4 cases by "Inappropriate setting".

Note: If the reported damage was caused by multiple factors, one major factor is selected as representative and the count for the selected factor is incremented by 1.

4. Report Submitter

Breakdown of the report submitters is as follows:

Note:All the ratios shown in the Figure above are rounded to one decimal place, so they may not add up to 100 percent.

Inquiries to:

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Tel:+81-3-5978-7591
Fax:+81-3-5978-7518
E-mail:

Top Page