IPA: IPA/ISEC Unauthorized Access Incident Report 1st Quarter (January to March 2009)

April 13, 2009

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report for unauthorized computer access for the 1st Quarter of 2009 (January to March) compiled by IPA.

According to the reports filed with IPA, the following tendencies were identified:

  • A number of intrusions were caused by attacks on the port used by SSH.
  • Servers are intruded by exploiting a vulnerability in software or by a password cracking attack; files on them are then altered and/or malicious programs are embedded so that the server can be used as a stepping stone to attack other servers.
  • Someone impersonating a legitimate user logs in to a members-only site and fraudulently receives its services.

Please refer to the following URLs to ensure thorough security configuration and to conduct daily operational management as a continual security measure.

1. Reported Number

The total number of reports for the 1st Quarter of 2009 (January – March) was 39, a decrease to about 87% of the previous quarter's figure (4th Quarter of 2008: 45). The number of reports with actual damage also decreased, to about 84% (4th Quarter of 2008: 31).

Chart1
Note: The number in parentheses shows the reports with actual damage.

2. Reports by Damage

The total number of reports filed with IPA was 39 (previous Quarter: 45). Of these, 26 were reports of actual damage (previous Quarter: 31), or about 67% of all reports. The reports of actual damage included “intrusion”, “unauthorized mail relay”, “infection w/worms”, “DoS”, “source address spoofing”, “masquerading”, “embedding of malicious programs” and “others (damaged)”.

Chart2

| Damage type | 1st Qtr, '08 | 2nd Qtr, '08 | 3rd Qtr, '08 | 4th Qtr, '08 | 1st Qtr, '09 |
|---|---|---|---|---|---|
| Intrusion | 12 (38.7 %) | 11 (35.5 %) | 16 (33.3 %) | 16 (35.6 %) | 8 (20.5 %) |
| Unauthorized Mail Relay | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) |
| Infection w/Worm | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) |
| DoS | 2 (6.5 %) | 4 (12.9 %) | 4 (8.3 %) | 1 (2.2 %) | 2 (5.1 %) |
| Source Address Spoofing | 1 (3.2 %) | 3 (9.7 %) | 4 (8.3 %) | 1 (2.2 %) | 1 (2.6 %) |
| Masquerading | * | * | * | * | 3 (7.7 %) |
| Embedding of Malicious Program | * | * | * | * | 10 (25.6 %) |
| Others (Damaged) | 9 (29.0 %) | 7 (22.6 %) | 16 (33.3 %) | 13 (28.9 %) | 2 (5.1 %) |
| Access Probe (Attempt) | 2 (6.5 %) | 3 (9.7 %) | 2 (4.2 %) | 14 (31.1 %) | 13 (33.3 %) |
| Worm Probe | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) | 0 (0.0 %) |
| Others (Not Damaged) | 5 (16.1 %) | 3 (9.7 %) | 6 (12.5 %) | 0 (0.0 %) | 0 (0.0 %) |
| Total | 31 | 31 | 48 | 45 | 39 |

Note: The damage types shown in gray are those reported as actual damage. Because every ratio is rounded at the second decimal place, the total may not come to exactly 100%.

“Masquerading” and “Embedding of Malicious Programs” were aggregated into “Others (Damaged)” up to the 4th Qtr. of 2008.

3. Damage Cause

There were 26 reports of actual damage. The major causes were insufficient ID/password management (2 reports), use of an older version or not yet applied patches (8 reports), etc.

Chart3
Note: A report with multiple causes was counted once, under its major cause. This graph covers only the reports with actual damage.

4. Reporters

The breakdown of reporters is as follows.

Chart4
Note: Because every ratio is rounded at the second decimal place, the total may not come to exactly 100%.

Inquiries to:

Information-Technology Promotion Agency, Security Center
Kagaya/Hanamura/Ooura
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.