Information-technology
Promotion Agency,
Japan
本文へ
IPA

TOP|Aplication|Contact us|Sitemap


Information-technology Promotion Agency, Japan
-japanese charactor-






IT Security Center

The Information-technology SEcurity Center (ISEC) is the center for promoting information security in Japan.









Japanese




Activities




Information Service Activities






Security Software Development Activities






CRYPTREC






IT SecurityAssurance







Organization







PGP key







RFCs







Mission Statement







Links







About IPA/ISEC







IPA TOP>IT Security Center Japanese TOP>IT Security Center English TOP>information



 

Unauthorized Computer Access Incident Report for 3rd Quarter of 2007

(July - September)


October 26, 2007
IT Security Center
Information-technology Promotion Agency, Japan (IPA)



 

This is a summary of unauthorized computer access for the 3rd Quarter (July to September) of 2007.

This is the summary of unauthorized computer access report for the Third Quarter of 2007 (July September) compiled by IPA (Information-technology Promotion Agency).

As for the current trend from the viewpoint of the reporting status for the Third Quarter of 2007, it is realized that;

-   There are number of damages invaded by the attacks to the ports used by SSH;

-   There are number of damages invaded to servers by exploiting vulnerability in software to alter files and to use the steppingstone to attack to the other sites;

-   There are number of damages that computers are used illegally by logging in to a membership site spoofing to be a legitimate user.

Be sure to conduct thorough security configuration and continually conduct daily operational management as security measures by referring following URL.

Practical Information for Information Security Measures for End-users/Home-users (in Japanese)

http://www.ipa.go.jp/security/awareness/end-users/end-users.html

Practical Information for Information Security Measures for System Administrators (in Japanese)

http://www.ipa.go.jp/security/awareness/administrator/administrator.html


1. Reported Number

The reported number for the Third Quarter of 2007 was 36 in total and was about a half of the previous quarter in number. The number for actually damaged was, too, about a half of the previous quarter in number.

Reported Number of Unauthorized Computer Access

Note) The numbers shown in mauve bar present the actual number of damaged.

 

2. Type of Report

Of 36 (previous quarter = 75) reported to IPA, the reports actually damaged was 29 (previous quarter = 61) or 80.6% against the whole. The reports actually damaged included Intrusion, Infection w/Worm, Source Address Spoofing and Unauthorized Mail-Relay DoS and Others (Damaged).

Reports of Unauthorized Computer Access by Type

 

3 rd Qtr. of 2006

4 th Qtr. of 2006

1 st Qtr. of 2007

2 nd Qtr. of 2007

3 rd Qtr. of 2007

Intrusion

29

26.1%

18

32.1%

9

13.2%

18

24.0%

14

38.9%

Unauthorized Mail Relay

0

0.0%

1

1.8%

0

0.0%

2

2.7%

0

0.0%

Infection w/Worm

11

9.9%

1

1.8%

0

0.0%

0

0.0%

0

0.0%

DoS

4

3.6%

3

5.4%

2

2.9%

0

0.0%

0

0.0%

Source Address Spoofing

3

2.7%

2

3.6%

5

7.4%

5

6.7%

2

5.6%

Others (Damaged)

12

10.8%

7

12.5%

29

42.6%

36

48.0%

13

36.1%

Access Probe (Attempt)

50

45.0%

23

41.1%

21

30.9%

13

17.3%

7

19.4%

Worm Probe

0

0.0%

1

1.8%

0

0.0%

0

0.0%

0

0.0%

Others (Not Damaged)

2

1.8%

0

0.0%

2

2.9%

1

1.3%

0

0.0%

Total

111

56

68

75

36

Note:   the shaded parts are the incident types actually damaged .

           %s shown above are rounded at the 2 nd place of arithmetic decimal points,

           the total may not be made 100%, accordingly.

 

3. Damage Cause

Of 29 reports actually damaged, insufficient ID/password management with 12 , use of older version/not yet applied patches with 3 , etc. are the major causes.

Unauthorized Access by Damage Cause

Note: The report that has multiple damage cause is aggregated as 1 case/report

         under the major damage cause.

 

4. Type of Reporters

The breakdown of reporters by type indicates that Individual User is taking over the highest ratio of about 50% against the whole.

Reporters by Type

Note: The number in ratio is rounded at the 2 nd arithmetic points, so that the total

         may not make 100% sharp, accordingly.



Contact
IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel:+81-3-5978-7527

Fax:+81-3-5978-7518

E-mail:





Term of Use


Copyright(c) Information-technology Promotion Agency, Japan. All rights reserved 2005