Monthly Incident Summary Reports:
March - May 2008
Links to other reports are available on the Security Reports Homepage.
Number of Agencies/Universities Reporting
March 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 41 | 16 | 8 | 65 |
| Agencies | 31 | 44 | 11 | 86 |
April 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 37 | 19 | 9 | 64 |
| Agencies | 29 | 42 | 15 | 83 |
May 2008
| Organization Type | Incidents | No Incidents | No Report | Total |
|---|---|---|---|---|
| Universities | 36 | 23 | 5 | 64 |
| Agencies | 32 | 46 | 5 | 83 |
Types of Incidents
| Types of Incidents | March 2008 | April 2008 | May 2008 |
|---|---|---|---|
| Actual Infections | 651 | 789 | 603 |
| Unauthorized Physical Access | 3 | 1 | 0 |
| Unauthorized Informational Access | 77 | 78 | 142 |
| Web Site Defacement | 0 | 1 | 4 |
| Theft Of Equipment | 15 | 4 | 6 |
| Theft Of Information | 8 | 1 | 4 |
| Unauthorized Use/Misuse | 517 | 1,659 | 218 |
| Accidental Disruption | 25 | 28 | 40 |
| Disruption or Denial of Services (DOS) | 10 | 3 | 6 |
| Other | 980 | 1,504 | 1,992 |
| Total | 2,286 | 4,104 | 3,015 |
Impact of Incidents
| Month | Total Hours | Downtime Hours | Total Costs | Lost Data |
|---|---|---|---|---|
| March 2008 | 1,639 | 167 | $56,441 | 1 |
| April 2008 | 2,092 | 354 | $61,781 | 1 |
| May 2008 | 1,974 | 388 | $118,146 | 0 |
Incident Profiles
| Month | Detected with IDS | Internal Source | External Source |
|---|---|---|---|
| March 2008 | 19,065,132 | 26,013 | 15,918,868 |
| April 2008 | 71,144,444 | 42,967,311 | 234,978 |
| May 2008 | 21,591,103 | 51,482 | 21,543,264 |
Malicious Code
| Malicious Code | March 2008 | April 2008 | May 2008 |
|---|---|---|---|
| Viruses/Worms | 134,468 | 240,656 | 139,839 |
| Logic Bombs | 0 | 333 | 401 |
| Back Doors | 4,634 | 2,895 | 811 |
| Other Malicious Code | 425,381 | 181,480 | 22,078 |
Actual Infections
| Actual Infections | March 2008 | April 2008 | May 2008 |
|---|---|---|---|
| Total Workstations/Hard Drives Infected | 646 | 778 | 590 |
| Total Servers Infected | 5 | 10 | 13 |
Server Types (Number of Systems)
| Type of Systems Affected | March 2008 | April 2008 | May 2008 |
|---|---|---|---|
| Critical production applications and/or data | 3 | 7 | 6 |
| Critical administrative/support applications and/or data | 6 | 14 | 7 |
| Research applications and/or data | 1 | 1 | 2 |
| Academic applications and/or data | 12 | 4 | 6 |
| External use web servers | 3 | 9 | 17 |
| Internal use web servers | 2 | 0 | 3 |
| FTP Servers | 1 | 1 | 0 |
| Email Servers | 26 | 8 | 19 |
| Print Servers | 0 | 0 | 0 |
| Other Servers | 9 | 40 | 4 |
| Total | 63 | 84 | 64 |
Response Activities and General Information
| Question | March 2008 | April 2008 | May 2008 |
|---|---|---|---|
| 1. Number of times incident response plans were activated | 40 | 44 | 29 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 0 | 2 | 3 |
| 3. Average hours from detection to containment | 282 | 321 | 876 |
| 4. Incidents with response activity logs kept | 293 | 355 | 194 |
| 5. Damage to agency/university IR assets | 4 | 10 | 5 |
| 5a. Number of assets restored | 4 | 10 | 5 |
| 6. Number of incidents that needed outside assistance | 21 | 11 | 13 |
| 7. Number of incidents that resulted in new security measures | 196 | 286 | 161 |
| 7a. Number of patches installed | 184 | 263 | 139 |
| 7b. Number of security software installed | 200 | 258 | 26 |
| 7c. Number of additional policies developed | 4 | 4 | 9 |
| 7d. Number of other | 0 | 1 | 1 |
| 8. Number of incidents that resulted in proliferation | 68 | 55 | 3 |
| 8a. Internal Systems | 25 | 34 | 2 |
| 8b. External Systems | 43 | 22 | 2 |
| 9. Incidents that resulted in external public awareness | 0 | 3 | 2 |
| 10. Number of incidents reported to law enforcement | 7 | 4 | 5 |
Top Ten Viruses
| March 2008 | April 2008 | May 2008 |
|---|---|---|
| Downloader | Downloader | Downloader |
| Vundo | Exploit-MS06-014 | Trojan Dropper |
| Downloader-MisleadApp | W32.Mydoom.M@mm | W32.Netsky.P@mm!enc |
| VBS/Psyme | VBS/Psyme | Downloader-MisleadApp |
| Vundo.gen.b | Vundo | Exploit-MS06-014 |
| W32.Advegol!html | Downloader-MisleadApp | Generic.dx |
| EGeneric.dx | Generic.dx | JS/Wonka |
| Trojan Horse | Exploit-ByteVerify | Vundo |
| JS/Wonka | Generic Dropper.au | W32.Mydoom.M@mm |
| Trojan.Pandex | JS/Wonka | W32.Netsky.P@MM |