Font Size Change

HOMEIT SecurityIPA:IPA/ISEC Unauthorized Access Incident Report 1st-quarter (from January to March2011)

PRINT PAGE

IT Security

IPA:IPA/ISEC Unauthorized Access Incident Report 1st-quarter (from January to March2011)

April 14, 2011

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This is the report on unauthorized computer access for the first quarter of 2011 (from January to March), compiled by Information-technology Promotion Agency, Japan (IPA).

According to the reports filed to IPA in the first quarter of 2011, the latest trend consisted mainly of:

  • A members-only site being logged on and used by a hacker impersonating a legitimate user
  • A server being penetrated by a hacker exploiting software vulnerability or carrying out  password cracking attack; malicious code being embedded and the server being used as a stepping stone for attacking other servers

By referring to the following sites, be sure to make appropriate security settings on your computer and to implement operational and management security measures on an ongoing basis.

1. Number of Cases Reported

The number of cases reported in the first quarter of 2011 (from January to March) was 28, which is about 56 percent of the previous quarter level. The number of cases involving actual damages was 17, which is about 77 percent of the previous quarter level.


Note) The number in parenthesis is that of the cases involving actual damages.

2.Breakdown by Type

The number of cases reported to IPA in the first quarter of 2011 was 28 (50 in the previous quarter). Among them, 17 cases (22 cases in the previous quarter) involved actual damages, accounting for about 61 percent of all the cases reported.  Actual damages in this context are caused by: "intrusion", "unauthorized mail relay", "Worm infection", "DoS", "spoofed address", "spoofing", "malicious code embedded" and other factors, and the number of cases involving actual damages is calculated by summing up each factor’s number of cases.

  1st Qtr,'10 2nd Qtr,'10 3rd Qtr,'10 4th Qtr,'10 1st Qtr,'11
Intrusion 25 37.9% 11 32.4% 17 36.2% 14 28.0% 3 10.7%
Unauthorized Mail Relay 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0%
Worm Infection 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0%
DoS 2 3.0% 0 0.0% 3 6.4% 2 4.0% 1 3.6%
Spoofed address 1 1.5% 0 0.0% 1 2.1% 1 2.0% 0 0.0%
Spoofing 11 16.7% 13 38.2% 7 14.9% 4 8.0% 12 42.9%
Malicious code embedded 2 3.0% 1 2.9% 2 4.3% 1 2.0% 1 3.6%
Other factors (with damage) 1 1.5% 3 8.8% 1 2.1% 0 0.0% 0 0.0%
Evidence of access (failed attempt) 20 30.3% 6 17.6% 14 29.8% 28 56.0% 11 39.3%
Evidence of Worm 0 0.0% 0 0.0% 0 0.0% 0 0.0% 0 0.0%
Others (Not Damaged) 4 6.1% 0 0.0% 2 4.3% 0 0.0% 0 0.0%
Total 66 34 47 50 28

Note: shaded regions indicate the causes involving actual damages. All the ratios shown in the Table above are rounded to one decimal place, so they may not add up to 100 percent.

3. Cause of Damage

Of the 17 cases involving actual damages, 2 cases were caused by "Poor ID & password management", 1 case by "Older version used/patch not applied" and 1 case by "Inappropriate setting".


Note: If the reported damage was caused by multiple factors, one major factor is selected as representative and the count for the selected factor is incremented by 1.

4. Report Submitter

Breakdown of the report submitters is as follows:


Note:All the ratios shown in the Figure above are rounded to one decimal place, so they may not add up to 100 percent.

Inquiries to:

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Tel:+81-3-5978-7591
Fax:+81-3-5978-7518
E-mail: