| Related Resources |
 |
|
 |
|
|
Monthly Incident Summary Reports
December 2005 - February 2006
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting:
December 2005
| Universities |
35 |
19 |
9 |
63 |
| Agencies |
32 |
45 |
8 |
85 |
January 2006
| Universities |
38 |
16 |
9 |
63 |
| Agencies |
34 |
43 |
8 |
85 |
February 2006
| Universities |
38 |
16 |
9 |
63 |
| Agencies |
32 |
47 |
6 |
85 |
Types of Incidents:
Types of Incidents
| Actual Infections |
2,955 |
1,668 |
2,121 |
| Unauthorized Physical Access |
1 |
2 |
2 |
| Unauthorized Information Access |
9 |
4 |
22 |
| Web Site Defacement |
3 |
4 |
1 |
| Theft of Equipment |
9 |
16 |
24 |
| Theft of Information |
5 |
0 |
0 |
| Unauthorized Use/Misuse |
45,501 |
133 |
123 |
| Accidental Disruption |
340 |
426 |
467 |
| Disruption or Denial of Services (DOS) |
158 |
10 |
9 |
| Other |
7,161 |
530 |
1,799 |
| Total |
56,142 |
2,793 |
4,568 |
Impact of Incidents:
Impact of Incidents
| December 2005 |
5,521 |
619 |
$127,669 |
0 |
| January 2006 |
4,059 |
477 |
$156,368 |
1 |
| February 2006 |
5,207 |
927 |
347,974 |
0 |
Incident Profiles:
Incident Profiles
| December 2005 |
4,648,632 |
1,162,243 |
1,063 |
| January 2006 |
6,643,180 |
44,427 |
7,433 |
| February 2006 |
3,987,033
|
45,887
|
489,943
|
Malicious Code:
Malicious Code
| Viruses/Worms |
2,931,657 |
2,163,823 |
697,560 |
| Logic Bombs |
290 |
10 |
4,836 |
| Back Doors |
5,662 |
453 |
3,108 |
| Other Malicious Code |
626,504 |
212,859 |
176,120 |
| Total Workstations/Hard Drives Infected |
2,927 |
1,656 |
2,105 |
| Total Servers Infected |
28 |
12 |
16 |
Server Types (Number of Systems):
Server Types (Number of Systems)
| Critical production applications and/or
data |
68 |
3 |
10 |
| Critical administrative/support applications
and/or data |
3 |
5 |
13 |
| Research applications and/or data |
1 |
6 |
3 |
| Academic applications and/or data |
6 |
6 |
15 |
| External use web servers |
8 |
19,202 |
17,480 |
| Internal use web servers |
12 |
3 |
3 |
| FTP Servers |
0 |
263 |
370 |
| Email Servers |
3,936 |
30 |
84,273 |
| Print Servers |
2 |
3 |
1 |
| Other Servers |
12 |
142 |
62 |
| Total |
4,048 |
19,663 |
102,230 |
Response Activities and General Information:
Response Activities and General information
| 1. Number of times were incident response plans activated |
532 |
555 |
372 |
| 2. Number of times disaster recovery plans activated due to security incident |
3 |
2 |
5 |
| 3. Average hours from detection to containment |
838 |
720 |
279 |
| 4. Incidents with response activity logs kept |
523 |
434 |
533 |
| 5. Damage to agency/university IR assets |
16 |
13 |
5 |
| 5a. Number of Assets restored |
13 |
56 |
4 |
| 6. Number of incidents needed outside assistance |
22 |
46 |
8 |
| 7. Number of incidents resulted in new security measures |
510 |
389 |
459 |
| 7a. Number of patches installed |
503 |
375 |
486 |
| 7b. Number security software installed |
480 |
320 |
299 |
| 7c. Number of additional policies developed |
4 |
26 |
13 |
| 7d. Number other |
0 |
4 |
0 |
| 8. Number incidents resulted in proliferation |
10 |
8 |
9 |
| 8a. Internal Systems |
2 |
4 |
32 |
| 8b. External Systems |
8 |
3 |
4 |
| 9. Incidents resulted in external public awareness |
1 |
2 |
3 |
| 10. Number Incidents reported to law enforcement |
2 |
14 |
4 |
Top Ten Viruses:
Top 10 Viruses
| December 2005 |
January 2006 |
February 2006 |
| Sober |
Sasser |
Slammer |
| Zatob |
Zatob |
Mytob |
| Slammer |
Blaster |
Netsky |
| Mytob |
Sober |
Sasser.Worm |
| Netsky |
Slammer |
Bagle |
| Zafi |
Mytob
|
Cachecachekit |
| Bagle |
Netsky |
Spyki |
| Phising BankFraud |
SDBot |
Randex |
| Erkez |
Phishing BankFraud |
Blaster |
| Mydoom |
Cachecachekit |
Beagle |
|
