IPA/ISEC Unauthorized Access Incident Report, 3rd Quarter (July to September 2008)

October 14, 2008

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the summary report on unauthorized computer access for the 3rd Quarter (July to September) of 2008, compiled by IPA.

According to the reports filed with IPA for the 3rd Quarter of 2008, the following tendencies can be seen.

  • There were a number of cases of damage caused by intrusion, such as attacks on the port(s) used by SSH;
  • Instances frequently occurred in which a server was intruded into by exploiting a vulnerability in software or by a password cracking attack, after which files were altered and/or the server was exploited as a steppingstone to attack other server(s);
  • Someone logged in to member-only site(s) by spoofing a legitimate user in order to use the site fraudulently.

For thorough computer security configuration and daily operational measures, be sure to take adequate security measures by referring to the following URLs.

1. Reported Number

The number of reports relevant to unauthorized computer access for the 3rd Quarter of 2008 (July to September) was 48, about 1.5 times higher than the previous quarter. The number of reports with actual damage was also about 1.6 times higher than the previous quarter.

Chart1
Note) The numbers shown in parentheses are the numbers of reports with actual damage.

2. Reports by Damage Type

Of the 48 reports, 40 (the previous quarter: 25) involved actual damage, a ratio of 83.3%. The reports with actual damage included “intrusion”, “infection w/worms”, “source address spoofing”, “unauthorized mail relay”, “DoS” and “others (damaged)”.

Chart2

| Type | 3rd Qtr, '07 | 4th Qtr, '07 | 1st Qtr, '08 | 2nd Qtr, '08 | 3rd Qtr, '08 |
|---|---|---|---|---|---|
| Intrusion | 14 (38.2%) | 13 (33.3%) | 12 (38.7%) | 11 (35.5%) | 16 (33.3%) |
| Unauthorized Mail Relay | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) |
| Infection w/Worm | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) |
| DoS | 0 (0.0%) | 3 (7.7%) | 2 (6.5%) | 4 (12.9%) | 4 (8.3%) |
| Source Address Spoofing | 2 (5.6%) | 3 (7.7%) | 1 (3.2%) | 3 (9.7%) | 4 (8.3%) |
| Others (Damaged) | 13 (36.1%) | 8 (20.5%) | 9 (29.0%) | 7 (22.6%) | 16 (33.3%) |
| Access Probe (Attempt) | 7 (19.4%) | 10 (25.6%) | 2 (6.5%) | 3 (9.7%) | 2 (4.2%) |
| Worm Probe | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) |
| Others (Not Damaged) | 0 (10.0%) | 2 (5.1%) | 5 (16.1%) | 3 (9.7%) | 6 (12.5%) |
| Total | 36 | 39 | 31 | 31 | 48 |

Note: The shaded crack types indicate the cracks that actually caused damage. Since the reported numbers are rounded at the 2nd decimal place, the total may not be exactly 100%.

3. Damage Cause

Of the 40 reports with actual damage, the major causes were insufficient ID/password management with 11, use of an older version/patches not yet applied with 2, insufficient configuration with 2, etc.

Chart3
Note: A report that has several causes was counted as 1 case under its major cause.

4. Classification of Reporters

The largest number of reports came from individual users with 31, which took up about 50% relative to the other 2 types of reporters.

Chart4
Note) Since the numbers are rounded at the 2nd decimal place, the total may not be exactly 100%.

Inquiries to:

Information-Technology Promotion Agency, Security Center
Kagaya/Hanamura/Mochizuki
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.