| Related Resources |
 |
|
 |
|
|
Monthly Incident Summary Reports: December 2004 - February
2005
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting:
December 2004
| Universities |
32 |
9 |
42 |
83 |
| Agencies |
39 |
10 |
18 |
67 |
January 2005
| Universities |
36 |
12 |
12 |
60 |
| Agencies |
33 |
26 |
31 |
90 |
February 2005
| Universities |
37 |
12 |
7 |
56 |
| Agencies |
38 |
46 |
10 |
94 |
Types of Incidents:
Types of Incidents
| Actual Infections |
8,412 |
9,989 |
9,363 |
| Unauthorized Physical Access |
3 |
11 |
0 |
| Unauthorized Information Access |
277 |
40 |
54 |
| Web Site Defacement |
2 |
4 |
4 |
| Theft of Equipment |
3 |
16 |
5 |
| Theft of Information |
0 |
4 |
0 |
| Unauthorized Use/Misuse |
432 |
801 |
194 |
| Accident/Planned Disruption |
35 |
40 |
49 |
| Disruption or Denial of Services (DOS) |
12 |
24 |
17 |
| Other |
401 |
942 |
348 |
| Total |
9,577 |
10,1871 |
10,034 |
Impact of Incidents:
Impact of Incidents
| Dec 2004 |
2,126 |
815 |
$ 98,396 |
0 |
Jan 2005 |
3,078 |
467 |
$ 202,392 |
0 |
| Feb 2005 |
5,345 |
4,541 |
$ 209,474 |
0 |
Incident Profiles:
Incident Profiles
| Dec 2004 |
8,301,799 |
12,549 |
619,449 |
Jan 2005 |
7,649,576 |
73,505 |
519,035 |
| Feb 2005 |
17,183,184 |
44,826 |
605,074 |
Malicious Code:
Malicious Code
| Viruses/Worms |
1,990,040 |
5,895,006 |
3,557,884 |
| Logic Bombs |
4 |
275 |
35 |
| Back Doors |
8,158 |
7,644 |
10,089 |
| Other Malicious Code |
63,879 |
63,051 |
116,205 |
| Total Workstations/Hard Drives Infected |
8,351 |
9,947 |
9,076 |
| Total Servers Infected |
61 |
42 |
287 |
Server Types (Number of Systems):
Server Types (Number of Systems)
| Critical production applications and/or
data |
20 |
2 |
8 |
| Critical administrative/support applications
and/or data |
12 |
6 |
56 |
| Research applications and/or data |
5 |
17 |
379 |
| Academic applications and/or data |
4 |
23 |
16 |
| External use web servers |
12 |
14 |
13 |
| Internal use web servers |
2 |
1 |
5 |
| FTP Servers |
0 |
0 |
1 |
| Email Servers |
201,293 |
42,352 |
55,711 |
| Print Servers |
3 |
4 |
3 |
| Other Servers |
5 |
7 |
45 |
| Total |
201,356 |
42,416 |
56,237 |
Response Activities and General Information:
Response Activities and General information
| 1. Number of times
were incident response plans activated |
76 |
71 |
141 |
| 2. Number of times
disaster recovery plans activated due to security incident |
2 |
5 |
4 |
| 3. Average hours
from detection to containment |
376 |
352 |
636 |
| 4. Incidents with
response activity logs kept |
595 |
472 |
747 |
| 5. Damage to agency/university
IR assets |
6 |
25 |
60 |
| 5a. Number of Assets
restored |
4 |
24 |
58 |
| 6. Number of incidents
needed outside assistance |
1 |
2 |
4 |
| 7. Number of incidents
resulted in new security measures |
94 |
144 |
662 |
| 7a. Number of patches
installed |
418 |
1,130 |
1,011 |
| 7b. Number security
software installed |
12 |
98 |
80 |
| 7c. Number of additional
policies developed |
1 |
8 |
11 |
| 7d. Number other |
6 |
0 |
8 |
| 8. Number incidents
resulted in proliferation |
109 |
87 |
202 |
| 8a. Internal Systems |
159 |
69 |
147 |
| 8b. External Systems |
11 |
18 |
57 |
| 9. Incidents resulted
in external public awareness |
6 |
7 |
6 |
| 10. Number Incidents
reported to law enforcement |
1 |
3 |
4 |
Top 10 Viruses
| Dec
2004 |
Jan 2005 |
Feb
2005 |
| Netsky |
Netsky |
Bagle |
| Sober |
Bagle |
Netsky |
| Zafi |
Sobig |
Myddom |
| Beagle |
Lovgate |
Lovgate |
| MyDoom |
MyDoom |
Phis-BandFraud |
| Bagle |
Zafi |
Zafi |
| Lovegate |
Backdoor-BDD |
Beagle |
| MIME.gen |
MIME |
MIME |
| Erkez |
Gaobot |
Sober |
| Phish-Bank |
Phishing-Bank |
Erkez |
|
