Monthly Incident Summary Reports: June - August 2006
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting:
June 2006
| Universities | 32 | 15 | 16 | 63 |
| Agencies | 30 | 37 | 18 | 85 |
July 2006
| Universities | 36 | 19 | 8 | 63 |
| Agencies | 30 | 45 | 10 | 85 |
August 2006
| Universities | 32 | 19 | 12 | 63 |
| Agencies | 28 | 46 | 11 | 85 |
Types of Incidents:
| Actual Infections | 927 | 1,610 | 1,434 |
| Unauthorized Physical Access | 481 | 1 | 0 |
| Unauthorized Information Access | 35 | 425 | 446 |
| Web Site Defacement | 0 | 10 | 3 |
| Theft of Equipment | 17 | 13 | 6 |
| Theft of Information | 0 | 8 | 2 |
| Unauthorized Use/Misuse | 50 | 170 | 172 |
| Accidental Disruption | 55 | 39 | 22 |
| Disruption or Denial of Services (DOS) | 74 | 131 | 54 |
| Other | 1,013 | 3,078 | 617 |
| Total | 2,652 | 5,485 | 2,756 |
Impact of Incidents:
| June 2006 | 2,073 | 874 | $96,546 | 0 |
| July 2006 | 2,826 | 688 | $79,842 | 0 |
| August 2006 | 3,055 | 945 | $107,696 | 1 |
Incident Profiles:
| June 2006 | 6,224,492 | 17,784 | 910,438 |
| July 2006 | 3,734,671 | 22,606 | 1,407,000 |
| August 2006 | 870,442 | 45,948 | 833,088 |
Malicious Code:
| Viruses/Worms | 592,353 | 471,027 | 464,863 |
| Logic Bombs | 12 | 71 | 172 |
| Back Doors | 62 | 1,761 | 614 |
| Other Malicious Code | 572,367 | 1,046,126 | 380,576 |
| Total Workstations/Hard Drives Infected | 914 | 1,597 | 1,597 |
| Total Servers Infected | 13 | 13 | 46 |
Server Types (Number of Systems):
| Critical production applications and/or data | 10 | 58 | 23 |
| Critical administrative/support applications and/or data | 47 | 54 | 30 |
| Research applications and/or data | 6 | 1 | 8 |
| Academic applications and/or data | 12 | 1 | 10 |
| External use web servers | 22,284 | 20,044 | 23,421 |
| Internal use web servers | 7 | 6 | 0 |
| FTP Servers | 805 | 647 | 599 |
| Email Servers | 1,117 | 535 | 956 |
| Print Servers | 1 | 4 | 1 |
| Other Servers | 14 | 194 | 656 |
| Total | 24,303 | 21,544 | 25,704 |
Response Activities and General Information:
| 1. Number of times incident response plans were activated | 81 | 149 | 29 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 2 | 1 | 0 |
| 3. Average hours from detection to containment | 395 | 273 | 356 |
| 4. Incidents with response activity logs kept | 155 | 243 | 183 |
| 5. Damage to agency/university IR assets | 6 | 7 | 11 |
| 5a. Number of assets restored | 8 | 9 | 12 |
| 6. Number of incidents that needed outside assistance | 5 | 7 | 6 |
| 7. Number of incidents that resulted in new security measures | 122 | 123 | 176 |
| 7a. Number of patches installed | 117 | 254 | 298 |
| 7b. Number of security software installed | 134 | 95 | 209 |
| 7c. Number of additional policies developed | 5 | 1 | 6 |
| 7d. Number of other | 4 | 9 | 0 |
| 8. Number of incidents that resulted in proliferation | 5 | 93 | 36 |
| 8a. Internal Systems | 3 | 18 | 14 |
| 8b. External Systems | 1 | 75 | 23 |
| 9. Incidents that resulted in external public awareness | 0 | 2 | 2 |
| 10. Number of incidents reported to law enforcement | 3 | 4 | 3 |
Top Ten Viruses:
| June 2006 | July 2006 | August 2006 |
| SQL Slammer | SQL Slammer | Slammer |
| Erkez | MyDoom | MyDoom |
| Mydoom | Netsky | Erkez |
| Mytob | Erkez | Netsky |
| Netsky | Iframe_CID!exploit | Mytob |
| Generic Malware.alzip | Mytob | IR-Mocbot |
| Zafi | a!zip | Bagle |
| Bagle | Sasser | Phis-BranFraud |
| Bloodhound | Bagle | Beagle |
| Sasser | Beagle | Sasser |