Monthly Incident Summary Reports: June – August 2008
Links to other reports are available on the Security Reports Homepage.
Number of Agencies/Universities Reporting
June 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 43 | 14 | 7 | 64 |
| Agencies | 31 | 46 | 6 | 83 |
July 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 43 | 13 | 9 | 64 |
| Agencies | 38 | 41 | 4 | 83 |
August 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 41 | 18 | 5 | 64 |
| Agencies | 34 | 39 | 10 | 83 |
Types of Incidents
| Types of Incidents | June 2008 | July 2008 | August 2008 |
|---|---|---|---|
| Actual Infections | 743 | 4,085 | 1,463 |
| Unauthorized Physical Access | 1 | 0 | 0 |
| Unauthorized Informational Access | 8 | 86 | 11 |
| Web Site Defacement | 3 | 7 | 1 |
| Theft Of Equipment | 5 | 22 | 7 |
| Theft Of Information | 0 | 0 | 2 |
| Unauthorized Use/Misuse | 447 | 1,071 | 193 |
| Accidental Disruption | 26 | 41 | 36 |
| Disruption or Denial of Services (DOS) | 5 | 25 | 7 |
| Other | 348 | 1,538 | 102,240 |
| Total | 1,586 | 6,875 | 103,960 |
Impact of Incidents
| Month | Total Hours | Downtime Hours | Total Costs | Lost Data |
|---|---|---|---|---|
| June 2008 | 1,503 | 305 | $53,477 | 0 |
| July 2008 | 3,113 | 859 | $515,520 | 1 |
| August 2008 | 2,358 | 694 | $78,150 | 0 |
Incident Profiles
| Month | Detected with IDS | Internal Source | External Source |
|---|---|---|---|
| June 2008 | 32,390,284 | 20,976 | 30,656,231 |
| July 2008 | 25,408,178 | 52,193 | 24,036,528 |
| August 2008 | 36,719,288 | 25,148 | 36,702,198 |
Malicious Code
| Malicious Code | June 2008 | July 2008 | August 2008 |
|---|---|---|---|
| Viruses/Worms | 5,240,186 | 244,751 | 13,950,596 |
| Logic Bombs | 0 | 592 | 0 |
| Back Doors | 7,317 | 4,652 | 579 |
| Other Malicious Code | 1,337,176 | 2,396,557 | 2,373,841 |
Actual Infections
| Actual Infections | June 2008 | July 2008 | August 2008 |
|---|---|---|---|
| Total Workstations/Hard Drives Infected | 738 | 4,065 | 1,453 |
| Total Servers Infected | 5 | 20 | 12 |
Server Types (Number of Systems)
| Type of Systems Affected | June 2008 | July 2008 | August 2008 |
|---|---|---|---|
| Critical production applications and/or data | 11 | 21 | 40 |
| Critical administrative/support applications and/or data | 10 | 12 | 3 |
| Research applications and/or data | 0 | 4 | 2 |
| Academic applications and/or data | 7 | 13 | 10 |
| External use web servers | 8 | 5,574 | 5 |
| Internal use web servers | 1 | 1,046 | 3 |
| FTP Servers | 0 | 1 | 2 |
| Email Servers | 52 | 53 | 305 |
| Print Servers | 0 | 2 | 1 |
| Other Servers | 8 | 3,057 | 7,318 |
| Total | 97 | 9,783 | 7,689 |
Response Activities and General Information
| Question | June 2008 | July 2008 | August 2008 |
|---|---|---|---|
| 1. Number of times incident response plans were activated | 90 | 86 | 72 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 1 | 0 | 4 |
| 3. Average hours from detection to containment | 566 | 1,881 | 957 |
| 4. Incidents with response activity logs kept | 324 | 251 | 315 |
| 5. Damage to agency/university IR assets | 19 | 29 | 26 |
| 5a. Number of assets restored | 1 | 30 | 29 |
| 6. Number of incidents that needed outside assistance | 13 | 22 | 20 |
| 7. Number of incidents that resulted in new security measures | 146 | 195 | 266 |
| 7a. Number of patches installed | 167 | 181 | 245 |
| 7b. Number of security software installed | 117 | 136 | 206 |
| 7c. Number of additional policies developed | 7 | 4 | 2 |
| 7d. Number other | 25 | 0 | 19 |
| 8. Number of incidents that resulted in proliferation | 46 | 65 | 67 |
| 8a. Internal Systems | 73 | 39 | 23 |
| 8b. External Systems | 23 | 31 | 40 |
| 9. Incidents that resulted in external public awareness | 12 | 23 | 3 |
| 10. Number of incidents reported to law enforcement | 2 | 7 | 2 |
Top Ten Viruses
| June 2008 | July 2008 | August 2008 |
|---|---|---|
| Suspicious.2=upack | Win32/FakeAlert | Agent BRL |
| WhenU | FakeAlert-AQ | FakeScanner.F#gif |
| Happy99.ska | Trojan.Wimad 16240 | Klez.E_1 |
| KlezE_1 | Phishbank | HDBreaker |
| Suspicious=pack | Downloader | Loveletter.D |
| Bagle.A3 | Mal_Naix-2 | Natas-b |
| Cutwail.gen | BAT/TCPParams.A | HappyTime |
| Suspicious=telock.2 | Win32/Vundo.AHO | Happy99.SKA |
| Crypt.GEN_703 | Bugnraw | Banker.AAKD |
| DCOM.Gen | Troj/Agent-HFU | Multi |