Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
The first global hotel Keys Selection by the Michelin Guide includes four hotels in Taiwan, Michelin announced yesterday. All four received the “Michelin One Key,” indicating guests are to experience a “very special stay” at any of the locations as the establishments are “a true gem with personality. Service always goes the extra mile, and the hotel provides much more than others in its price range.” Of the four hotels, three are located in Taipei and one in Taichung. In Taipei, the One Key accolades were awarded to the Capella Taipei, Kimpton Da An Taipei and Mandarin Oriental Taipei. Capella Taipei was described by
EVA Airways today confirmed the death of a flight attendant on Saturday upon their return to Taiwan and said an internal investigation has been launched, as criticism mounted over a social media post accusing the airline of failing to offer sufficient employee protections. According to the post, the flight attendant complained of feeling sick on board a flight, but was unable to take sick leave or access medical care. The crew member allegedly did not receive assistance from the chief purser, who failed to heed their requests for medical attention or call an ambulance once the flight landed, the post said. As sick
The Taichung District Court yesterday confirmed its final ruling that the marriage between teenage heir Lai (賴) and a man surnamed Hsia (夏) was legally invalid, preventing Hsia from inheriting Lai’s NT$500 million (US$16.37 million) estate. The court confirmed that Hsia chose not to appeal the civil judgement after the court handed down its ruling in June, making the decision final. In the June ruling, the court said that Lai, 18, and Hsia, 26, showed “no mutual admiration before the marriage” and that their interactions were “distant and unfamiliar.” The judge concluded that the couple lacked the “true intention of
INDUSTRY: Beijing’s latest export measures go beyond targeting the US and would likely affect any country that uses Chinese rare earths or related tech, an academic said Taiwanese industries could face significant disruption from China’s newly tightened export controls on rare earth elements, as much of Taiwan’s supply indirectly depends on Chinese materials processed in Japan, a local expert said yesterday. Kristy Hsu (徐遵慈), director of the Taiwan ASEAN Studies Center at the Chung-Hua Institution for Economic Research, said that China’s latest export measures go far beyond targeting the US and would likely affect any country that uses Chinese rare earths or related technologies. With Japan and Southeast Asian countries among those expected to be hit, Taiwan could feel the impact through its reliance on Japanese-made semi-finished products and
RSS