Monthly Incident Summary Reports:
December 2007 - February 2008
Links to other reports are available on the Security Reports Homepage.
Number of Agencies/Universities Reporting:
December 2007
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 37 | 19 | 9 | 65 |
| Agencies | 32 | 42 | 12 | 86 |
January 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 39 | 19 | 7 | 65 |
| Agencies | 25 | 44 | 17 | 86 |
February 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 38 | 16 | 11 | 65 |
| Agencies | 29 | 46 | 11 | 86 |
Types of Incidents:
| Types of Incidents | December 2007 | January 2008 | February 2008 |
|---|---|---|---|
| Actual Infections | 10646 | 912 | 1309 |
| Unauthorized Physical Access | 2 | 0 | 3 |
| Unauthorized Information Access | 282 | 372 | 412 |
| Web Site Defacement | 1 | 1 | 2 |
| Theft of Equipment | 10 | 10 | 26 |
| Theft of Information | 2 | 0 | 1 |
| Unauthorized Use/Misuse | 403 | 422 | 422 |
| Accidental Disruption | 48 | 17 | 35 |
| Disruption or Denial of Services (DOS) | 5 | 26 | 23 |
| Other | 14015 | 74 | 1350 |
| Total | 25414 | 6241 | 3583 |
Impact of Incidents:
| Month | Total Hours | Downtime Hours | Total Cost | Lost Data |
|---|---|---|---|---|
| December 2007 | 1686 | 555 | $69,669 | 2 |
| January 2008 | 3253 | 197 | $54,891 | 0 |
| February 2008 | 1845 | 99 | $55,852 | 2 |
Incident Profiles:
| Month | Detected with IDS | Internal Source | External Source |
|---|---|---|---|
| December 2007 | 28,195,699 | 4,282,371 | 1,448,414 |
| January 2008 | 151,507,438 | 17,636 | 135,526,999 |
| February 2008 | 2,719,741 | 31,145 | 15,819,868 |
Malicious Code:
| Malicious Code | December 2007 | January 2008 | February 2008 |
|---|---|---|---|
| Viruses/Worms | 322,177 | 263,560 | 211,855 |
| Logic Bombs | 398 | 302 | 206 |
| Back Doors | 143 | 645 | 1,643 |
| Other | 1,164,336 | 158,815 | 1,770,411 |
Actual Infections:
| Actual Infections | December 2007 | January 2008 | February 2008 |
|---|---|---|---|
| Total Workstations/Hard Drives Infected | 10,610 | 903 | 1,297 |
| Total Servers Infected | 36 | 9 | 12 |
Server Types (Number of Systems):
| Type of Systems Affected | December 2007 | January 2008 | February 2008 |
|---|---|---|---|
| Critical production applications and/or data | 7 | 4 | 1 |
| Critical administrative/support applications and/or data | 123 | 6 | 15 |
| Research applications and/or data | 1 | 0 | 0 |
| Academic applications and/or data | 7 | 4 | 2 |
| External use web servers | 5 | 6 | 7 |
| Internal use web servers | 6 | 4 | 3 |
| FTP Servers | 3 | 0 | 476 |
| Email Servers | 21 | 645 | 43 |
| Print Servers | 0 | 0 | 0 |
| Other Servers | 8 | 7 | 17 |
| Total | 182 | 676 | 564 |
Response Activities and General Information:
| Question | December 2007 | January 2008 | February 2008 |
|---|---|---|---|
| 1. Number of times incident response plans were activated | 52 | 63 | 70 |
| 2. Number of times disaster recovery plans activated due to security incident | 0 | 0 | 1 |
| 3. Average hours from detection to containment | 211 | 392 | 362 |
| 4. Incidents with response activity logs kept | 185 | 312 | 271 |
| 5. Damage to agency/university IR assets | 12 | 24 | 7 |
| 5a. Number of Assets restored | 11 | 23 | 7 |
| 6. Number of incidents needed outside assistance | 17 | 15 | 14 |
| 7. Number of incidents resulted in new security measures | 170 | 222 | 212 |
| 7a. Number of patches installed | 132 | 48 | 209 |
| 7b. Number security software installed | 160 | 187 | 209 |
| 7c. Number of additional policies developed | 1 | 4 | 16 |
| 7d. Number other | 2 | 2 | 0 |
| 8. Number incidents resulted in proliferation | 59 | 51 | 0 |
| 8a. Internal Systems | 20 | 11 | 0 |
| 8b. External Systems | 39 | 40 | 1 |
| 9. Incidents resulted in external public awareness | 5 | 5 | 6 |
| 10. Number Incidents reported to law enforcement | 6 | 6 | 19 |
Top Ten Viruses:
| December 2007 | January 2008 | February 2008 |
|---|---|---|
| SQL_SSRP_Slammer_Worm | Trojan Horse | Downloader |
| Win32/Vundo.IV | SQL_SSRP_Slammer_Worm | W32Advedol!html |
| Trojan Horse | Win32/VMalum.QHC | Trojan Horse |
| Generic!atr | Cookie-207 | Generic.dx |
| W32.FunLove.4099 | Phishbank | Vundo |
| Win32/VMalum.QHC | Win32/Vundo.IV | Vundo.gen.b |
| Trojan.Pandex | Cookie-Atdmt | W32.Mydoom.M@mm |
| Trojan.Vundo | Troj/Pusho-Gen | Trojan.Metajuan |
| W32.SillyFDC | W32.Rontokbro@mm | Trojan.Pandex |
| Downloader | Cookie-Doubleclick | W32.Netsky.P@mm!enc |