| Related Resources |
 |
|
 |
|
|
Monthly Incident Summary Reports
December 2006 - February 2007
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting:
December 2006
| Universities |
37 |
17 |
9 |
63 |
| Agencies |
31 |
41 |
13 |
85 |
January 2007
| Universities |
33 |
18 |
12 |
63 |
| Agencies |
34 |
39 |
12 |
85 |
February 2007
| Universities |
35 |
17 |
11 |
63 |
| Agencies |
35 |
39 |
11 |
85 |
Types of Incidents:
Types of Incidents
| Actual Infections |
1,433 |
2,266 |
1,025 |
| Unauthorized Physical Access |
4 |
1 |
0 |
| Unauthorized Information Access |
85 |
76 |
64 |
| Web Site Defacement |
1 |
1 |
3 |
| Theft of Equipment |
33 |
9 |
19 |
| Theft of Information |
1 |
0 |
4 |
| Unauthorized Use/Misuse |
167 |
161 |
51 |
| Accidental Disruption |
21 |
30 |
60 |
| Disruption or Denial of Services (DOS) |
296 |
1 |
206 |
| Other |
1,403 |
5,423 |
867 |
| Total |
3,444 |
7,968 |
2,299 |
Impact of Incidents:
Impact of Incidents
| December 2006 |
6,621 |
2,918 |
$309,494 |
1 |
| January 2007 |
4,505 |
132 |
$84,187 |
1 |
| February 2007 |
3,194 |
199 |
$193,029 |
1 |
Incident Profiles:
Incident Profiles
| December 2006 |
11,172,005 |
5,979 |
3,153,471 |
| January 2007 |
13,922,527 |
26,074 |
3,492,544 |
| February 2007 |
14,461,349 |
95,322 |
3,643,769 |
Malicious Code:
Malicious Code
| Viruses/Worms |
302,352 |
384,341 |
675,573 |
| Logic Bombs |
0 |
0 |
204 |
| Back Doors |
301 |
3,918 |
33 |
| Other Malicious Code |
398,867 |
289,828 |
108,395 |
| Total Workstations/Hard Drives Infected |
2,495 |
730 |
881 |
| Total Servers Infected |
92 |
1,526 |
144 |
Server Types (Number of Systems):
Server Types (Number of Systems)
| Critical production applications and/or
data |
23 |
22 |
35 |
| Critical administrative/support applications
and/or data |
58 |
145 |
23 |
| Research applications and/or data |
5 |
10 |
7 |
| Academic applications and/or data |
3 |
13 |
35 |
| External use web servers |
8 |
25,920 |
22,461 |
| Internal use web servers |
11 |
4 |
5 |
| FTP Servers |
478 |
514 |
691 |
| Email Servers |
1,016 |
3,716 |
2,099 |
| Print Servers |
3 |
4 |
2 |
| Other Servers |
62 |
29 |
259 |
| Total |
1,667 |
30,377 |
25,617 |
Response Activities and General Information:
Response Activities and General information
| 1. Number of times were incident response plans activated |
121 |
48 |
136 |
| 2. Number of times disaster recovery plans activated due to security incident |
13 |
3 |
5 |
| 3. Average hours from detection to containment |
2,370 |
516 |
833 |
| 4. Incidents with response activity logs kept |
384 |
329 |
278 |
| 5. Damage to agency/university IR assets |
16 |
12 |
27 |
| 5a. Number of Assets restored |
16 |
13 |
28 |
| 6. Number of incidents needed outside assistance |
55 |
7 |
21 |
| 7. Number of incidents resulted in new security measures |
381 |
256 |
225 |
| 7a. Number of patches installed |
380 |
1,859 |
279 |
| 7b. Number security software installed |
320 |
250 |
203 |
| 7c. Number of additional policies developed |
10 |
5 |
49 |
| 7d. Number other |
0 |
2 |
6 |
| 8. Number incidents resulted in proliferation |
19 |
92 |
17 |
| 8a. Internal Systems |
17 |
148 |
9 |
| 8b. External Systems |
6 |
8 |
8 |
| 9. Incidents resulted in external public awareness |
6 |
5 |
8 |
| 10. Number Incidents reported to law enforcement |
20 |
2 |
10 |
Top Ten Viruses:
Top 10 Viruses
| December 2006 |
January 2007 |
February 2007 |
| Slammer |
Slammer |
Erkez |
| Mydoom |
Phish-Bank Fraud |
Slammer |
| Netsky |
HckPk |
Spybot |
| Kakaves |
Fujack |
Mydoom |
| Beagle |
Mytob |
Netsky |
| Dref |
Netsky |
Tibs |
| Mytob |
MyDoom |
Sdbot |
| Mixor |
Gaobot |
Mytob |
| Stration |
Bagle |
Bloodhound |
| Sdbot |
Peacomm |
HckPk-A |
|
