Government agencies last year reported 525 cybersecurity threats, nine of which were relatively severe, a report released by the Executive Yuan’s Department of Cyber Security showed.
Information security threats are classified into four severity levels, with level 1 indicating the least serious threat and level 4 the most serious.
Last year, there were 451 level 1 attacks and 65 level 2 attacks on government agencies, department data showed.
Nine level 3 attacks were also recorded, but nothing merited a level 4 classification.
The main types of threats were unauthorized access, Web page attacks, equipment issues and denial of service attacks, the department said.
Unauthorized access was the most common type, comprising 68.8 percent of all threats, it said, adding that the primary causes were vulnerabilities in third-party products, failure of hosts to automatically install updates and remote connection management issues.
Other cases involved ransomware attacks, malware attacks on security systems, latent malware on internal agency networks and systems built by contractors becoming a springboard for infiltration, the department added.
Web page attacks, or the improper control of permissions, file format restrictions and third-party updates targeted by hackers, comprised 6.7 percent of all reported threats, it said.
Threats were nearly evenly split between the central and local governments, with 49 percent of reports coming from federal agencies and 51 percent originating from local agencies, it added.
In its report, which was released late last month, the department recommended how to counter five categories of threats: personal information leaks, ransomware denial of service attacks, malware seeded due to non-updated firmware, persistent attacks designed to steal sensitive data and external supply chain hacks.
For example, in one of the level 3 threats, hackers extracted the login information of a firm handling equipment maintenance for a government agency, the report said.
They were then able to access other equipment within the agency and use ransomware to encrypt data, making normal operation impossible until the hackers released the system, it said.
Ransomware attacks have become a regular occurrence, the report said, adding that response measures hinge on shortening the recovery time.
Agencies should also be sure to patch vulnerabilities and update firmware, implement access controls on internal networks, create off-site backups and conduct regular response drills, it added.
In addition, government agencies should not use equipment or software created in China, the report said.
South Korean K-pop girl group Blackpink are to make Kaohsiung the first stop on their Asia tour when they perform at Kaohsiung National Stadium on Oct. 18 and 19, the event organizer said yesterday. The upcoming performances will also make Blackpink the first girl group ever to perform twice at the stadium. It will be the group’s third visit to Taiwan to stage a concert. The last time Blackpink held a concert in the city was in March 2023. Their first concert in Taiwan was on March 3, 2019, at NTSU Arena (Linkou Arena). The group’s 2022-2023 “Born Pink” tour set a
CPBL players, cheerleaders and officials pose at a news conference in Taipei yesterday announcing the upcoming All-Star Game. This year’s CPBL All-Star Weekend is to be held at the Taipei Dome on July 19 and 20.
The Taiwan High Court yesterday upheld a lower court’s decision that ruled in favor of former president Tsai Ing-wen (蔡英文) regarding the legitimacy of her doctoral degree. The issue surrounding Tsai’s academic credentials was raised by former political talk show host Dennis Peng (彭文正) in a Facebook post in June 2019, when Tsai was seeking re-election. Peng has repeatedly accused Tsai of never completing her doctoral dissertation to get a doctoral degree in law from the London School of Economics and Political Science (LSE) in 1984. He subsequently filed a declaratory action charging that
The Hualien Branch of the High Court today sentenced the main suspect in the 2021 fatal derailment of the Taroko Express to 12 years and six months in jail in the second trial of the suspect for his role in Taiwan’s deadliest train crash. Lee Yi-hsiang (李義祥), the driver of a crane truck that fell onto the tracks and which the the Taiwan Railways Administration's (TRA) train crashed into in an accident that killed 49 people and injured 200, was sentenced to seven years and 10 months in the first trial by the Hualien District Court in 2022. Hoa Van Hao, a
RSS