Government agencies have weak encryption methods, inadequate screening against injection attacks and broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
The top threats were information-gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites were weak against injection attacks, which made them a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers exploit vulnerabilities in code to inject malware or trick systems into giving them access to data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to use path traversal attacks to access files that were previously inaccessible to them, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
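The containment requirement described above can be enforced by resolving every requested path and refusing anything that lands outside the Web root. The Python code below is an added example, not code from the report or the agency; the function names, directory layout and sample requests are constructed for illustration, and it assumes a POSIX file system.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

class TraversalError(Exception):
    """Requested path would leave the web root."""

def resolve_under_root(web_root, requested):
    """Map a URL path to a file under web_root, or raise TraversalError."""
    root = Path(web_root).resolve(strict=True)
    decoded = requested
    for _ in range(3):  # peel nested encodings such as %252e%252e
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        raise TraversalError("too many encoding layers")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Backslashes count as separators; a leading "/" must not reset the base.
    relative = decoded.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks before the check.
    candidate = (root / relative).resolve()
    if candidate != root and root not in candidate.parents:
        raise TraversalError(f"{requested!r} escapes the web root")
    return candidate

def demo():
    """Constructed tree and requests; returns {request: 'served'|'blocked'}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "webroot")
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "report.pdf").write_text("public")
        Path(tmp, "secret.txt").write_text("private")
        os.symlink(Path(tmp, "secret.txt"), root / "docs" / "link")
        requests = ["/docs/report.pdf", "/docs/../../secret.txt", "/docs/link",
                    "/docs/%252e%252e/%252e%252e/secret.txt", "/docs/..\\..\\secret.txt"]
        results = {}
        for req in requests:
            try:
                resolve_under_root(root, req)
                results[req] = "served"
            except TraversalError:
                results[req] = "blocked"
        return results

if __name__ == "__main__":
    print(demo())
```

The check compares fully resolved paths rather than filtering for the string "..", so encoded sequences and a symbolic link inside the Web root that points outside it are refused as well.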