SIRS Monthly Incident Reports 

Number of Agencies/Universities Reporting:

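June 2011

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 50 | 8 | 7 | 65 |
| Agencies | 35 | 26 | 22 | 83 |

July 2011

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 50 | 10 | 5 | 65 |
| Agencies | 34 | 38 | 11 | 83 |

August 2011

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 49 | 11 | 5 | 65 |
| Agencies | 40 | 27 | 16 | 83 |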

Types of Incidents:

| Types of Incidents | June 2011 | July 2011 | August 2011 |
| --- | --- | --- | --- |
| Actual Infections | 12,149 | 14,187 | 11,081 |
| Unauthorized Physical Access | 1 | 2 | 1 |
| Unauthorized Information Access | 2 | 8 | 4 |
| Web Site Defacement | 5 | 1 | 2 |
| Theft of Equipment | 18 | 10 | 5 |
| Theft of Information | 1 | 1 | 4 |
| Unauthorized Use/Misuse | 13 | 24 | 20 |
| Accidental Disruption | 44 | 37 | 25 |
| Disruption or Denial of Services (DOS) | 3 | 0 | 0 |
| Other | 10,699 | 25,860 | 7,268 |
| Total | 22,935 | 40,130 | 18,410 |

Impact of Incidents:

| Month | Total Hours | Downtime Hours | Total Costs | Lost Data |
| --- | --- | --- | --- | --- |
| June 2011 | 4,539 | 253 | $235,807 | 0 |
| July 2011 | 3,490 | 1,574 | $169,814 | 1 |
| August 2011 | 3,131 | 10,725 | $133,860 | 1 |

Incident Profiles:

| Month | Detected with IDS | Internal Source | External Source |
| --- | --- | --- | --- |
| June 2011 | 645,437,568 | 53,728 | 645,453,502 |
| July 2011 | 302,522,776 | 307,113 | 302,159,233 |
| August 2011 | 960,816 | 133,140 | 41,105.596 |

Malicious Code:

| Malicious Code | June 2011 | July 2011 | August 2011 |
| --- | --- | --- | --- |
| Viruses/Worms | 434,883 | 338,230 | 443,621 |
| Logic Bombs | 0 | 0 | 2 |
| Back Doors | 7,363 | 372 | 8,043 |
| Trojan | 636,575 | 56,822 | 163,989 |
| Adware | 2,274 | 973 | 1,330 |
| Spyware | 4,811 | 2,886 | 6,869 |
| Popups | 269 | 3 | 4 |
| Spam | 57,065,208 | 23,789,137 | 23,456,389 |
| Keystroke Logger | 0 | 8 | 2 |
| Phishing | 371 | 400 | 746 |
| SQL Injections | 4,653 | 1,974 | 548 |
| Cross-Site Scripting | 2,862 | 7,175 | 1,722 |
| Other Malicious Code | 558,349,267 | 223,324,793 | 562,291,257 |

Actual Infections:

| Actual Infections | June 2011 | July 2011 | August 2011 |
| --- | --- | --- | --- |
| Total Workstations/Hard Drives Infected | 12,045 | 14,076 | 10,992 |
| Total Servers Infected | 104 | 111 | 89 |

Server Types (Number of Systems):

| Type of Systems Affected | June 2011 | July 2011 | August 2011 |
| --- | --- | --- | --- |
| Critical production applications and/or data | 21 | 5 | 82 |
| Critical administrative/support applications and/or data | 20 | 14 | 7 |
| Research applications and/or data | 1 | 0 | 8 |
| Academic applications and/or data | 1 | 2 | 0 |
| External use web servers | 7 | 7 | 8 |
| Internal use web servers | 3 | 4 | 5 |
| FTP Servers | 4 | 2 | 0 |
| Email Servers | 6 | 6 | 17 |
| Print Servers | 0 | 0 | 1 |
| Other Servers | 10,340 | 25,544 | 6,998 |
| Total | 10,403 | 25,584 | 7,126 |

Response Activities and General Information:

| Question | June 2011 | July 2011 | August 2011 |
| --- | --- | --- | --- |
| 1. Number of times incident response plans were activated | 435 | 165 | 144 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 2 | 5 | 7 |
| 3. Average hours from detection to containment | 200 | 278 | 180 |
| 4. Incidents with response activity logs kept | 627 | 478 | 452 |
| 5. Damage to agency/university IR assets | 2 | 0 | 15 |
| 5a. Number of assets restored | 0 | 0 | 15 |
| 6. Number of incidents that needed outside assistance | 21 | 16 | 15 |
| 7. Number of incidents that resulted in new security measures | 340 | 259 | 271 |
| 7a. Number of patches installed | 321 | 252 | 254 |
| 7b. Number of security software installed | 273 | 199 | 222 |
| 7c. Number of additional policies developed | 1 | 3 | 0 |
| 7d. Number of other | 0 | 0 | 0 |
| 8. Number of incidents that resulted in proliferation | 94 | 69 | 72 |
| 8a. Internal Systems | 54 | 45 | 46 |
| 8b. External Systems | 40 | 24 | 26 |
| 9. Incidents that resulted in external public awareness | 3 | 23 | 11 |
| 10. Number of incidents reported to law enforcement | 4 | 13 | 7 |

Top Ten Viruses:


| June 2011 | July 2011 | August 2011 |
| --- | --- | --- |
| - | - | Others |
| Trojan.Gen | Packed.Vuntid!gen3 | FakeAlert-KS |
| Trojan Horse | Trojan.Sasfis | Trojan Horse |
| Trojan.Sasfis | Trojan.Horse | Packed.Vuntid!gen3 |
| Packed.Vuntid!gen3 | Trojan.Gen | Cookie-Yieldmanager |
| Trojan.Zefarch | W32.Ackantta.C@mm | gen:trojan.heur.bdt.bqw@bwdottoi |
| W32.Mozipowp | Trojan.Gen | Cookie-Atwola |
| gen.variant.kazy.26697 | Troj/Invo-Zip | Cookie-Casalmedia |
| Generic BackDoor!die | W32.Mozipowp | Cookie-Atdmt |
| Troj/Invo-Zip | Mal/FakeAV-LI | gen:trojan.heur.fu.bqw@a0jg0qpi |