Monthly Incident Summary Reports: September - October 2008
Links to other reports are available on the Security Reports Homepage.
Number of Agencies/Universities Reporting:
September 2008
| Universities | 40 | 17 | 7 | 64 |
| Agencies | 35 | 44 | 4 | 83 |
October 2008
| Universities | 44 | 13 | 7 | 64 |
| Agencies | 38 | 38 | 7 | 83 |
Types of Incidents:
| Actual Infections | 857 | 4,936 |
| Unauthorized Physical Access | 0 | 0 |
| Unauthorized Information Access | 227 | 4 |
| Web Site Defacement | 4 | 4 |
| Theft of Equipment | 11 | 12 |
| Theft of Information | 1 | 0 |
| Unauthorized Use/Misuse | 1,129 | 593 |
| Accidental Disruption | 56 | 42 |
| Disruption or Denial of Services (DOS) | 1 | 2 |
| Other | 826,408 | 2,861,825 |
| Total | 828,694 | 2,867,418 |
Impact of Incidents:
| September 2008 | 2,763 | 621 | $106,658 | 2 |
| October 2008 | 5,966 | 310 | $232,166 | 3 |
Incident Profiles:
| September 2008 | 61,939,112 | 40,523 | 57,387,999 |
| October 2008 | 52,252,864 | 1,466,026 | 46,974,924 |
Malicious Code:
| Viruses/Worms | 605,745 | 911,045 |
| Logic Bombs | 35 | 0 |
| Back Doors | 589 | 29,252 |
| Other Malicious Code | 485,096 | 8,176,788 |
| Total Workstations/Hard Drives Infected | 853 | 4,929 |
| Total Servers Infected | 4 | 7 |
Server Types (Number of Systems):
| Critical production applications and/or data | 16 | 7,490 |
| Critical administrative/support applications and/or data | 8 | 33 |
| Research applications and/or data | 0 | 8 |
| Academic applications and/or data | 2 | 11 |
| External use web servers | 2,260 | 47 |
| Internal use web servers | 6,490 | 2 |
| FTP Servers | 1 | 1 |
| Email Servers | 498 | 4,003 |
| Print Servers | 1 | 0 |
| Other Servers | 148 | 88 |
| Total | 9,424 | 11,683 |
Response Activities and General Information:
| 1. Number of times incident response plans were activated | 68 | 140 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 5 | 3 |
| 3. Average hours from detection to containment | 1,248 | 4,353 |
| 4. Incidents with response activity logs kept | 547 | 339 |
| 5. Damage to agency/university IR assets | 36 | 29 |
| 5a. Number of assets restored | 49 | 45 |
| 6. Number of incidents that needed outside assistance | 858 | 16 |
| 7. Number of incidents that resulted in new security measures | 1,110 | 235 |
| 7a. Number of patches installed | 1,116 | 229 |
| 7b. Number of security software installed | 1,077 | 185 |
| 7c. Number of additional policies developed | 849 | 7 |
| 7d. Number other | 0 | 2 |
| 8. Number of incidents that resulted in proliferation | 68 | 174 |
| 8a. Internal Systems | 27 | 60 |
| 8b. External Systems | 44 | 114 |
| 9. Incidents that resulted in external public awareness | 11 | 11 |
| 10. Number of incidents reported to law enforcement | 3 | 5 |
Top Ten Viruses:
| September 2008 | October 2008 |
| Troj/Agent-HNY | Troj/Invo-Zip |
| Troj/Invo-Zip | W32.SillyDC |
| Trojan.Fakealert-532 | Infostealer |
| Mal/EncPk-ES | Mal/EncPk-CZ |
| Generic.dx | Generic.dx |
| Generic Malware.a!zip | W32.Spybot.Worm |
| Infostealer | Generic Malware.a!zip (trojan) |
| Mal/EncPK-CZ | Win32/VMalum.EGRZ |
| Multi | Trojan.Virantix.C |
| Troj/Agent-HTC | Generic Malware.a (trojan) |