Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
AGING: While Japan has 22 submarines, Taiwan only operates four, two of which were commissioned by the US in 1945 and 1946, and transferred to Taiwan in 1973 Taiwan would need at least 12 submarines to reach modern fleet capabilities, CSBC Corp, Taiwan chairman Chen Cheng-hung (陳政宏) said in an interview broadcast on Friday, citing a US assessment. CSBC is testing the nation’s first indigenous defense submarine, the Hai Kun (海鯤, Narwhal), which is scheduled to be delivered to the navy next month or in July. The Hai Kun has completed torpedo-firing tests and is scheduled to undergo overnight sea trials, Chen said on an SET TV military affairs program. Taiwan would require at least 12 submarines to establish a modern submarine force after assessing the nation’s operational environment and defense
A white king snake that frightened passengers and caused a stir on a Taipei MRT train on Friday evening has been claimed by its owner, who would be fined, Taipei Rapid Transit Corp (TRTC) said yesterday. A person on Threads posted that he thought he was lucky to find an empty row of seats on Friday after boarding a train on the Bannan (Blue) Line, only to spot a white snake with black stripes after sitting down. Startled, he jumped up, he wrote, describing the encounter as “terrifying.” “Taipei’s rat control plan: Release snakes on the metro,” one person wrote in reply, referring
The coast guard today said that it had disrupted "illegal" operations by a Chinese research ship in waters close to the nation and driven it away, part of what Taipei sees a provocative pattern of China's stepped up maritime activities. The coast guard said that it on Thursday last week detected the Chinese ship Tongji (同濟號), which was commissioned only last year, 29 nautical miles (54km) southeast of the southern tip of Taiwan, although just outside restricted waters. The ship was observed lowering ropes into the water, suspected to be the deployment of scientific instruments for "illegal" survey operations, and the coast
An inauguration ceremony was held yesterday for the Danjiang Bridge, the world’s longest single-mast asymmetric cable-stayed bridge, ahead of its official opening to traffic on Tuesday, marking a major milestone after nearly three decades of planning and construction. At the ceremony in New Taipei City attended by President William Lai (賴清德), Premier Cho Jung-tai (卓榮泰), Minister of Transportation and Communications Chen Shih-kai (陳世凱) and New Taipei City Mayor Hou Yu-ih (侯友宜), the bridge was hailed as both an engineering landmark and a long-awaited regional transport link connecting Tamsui (淡水) and Bali (八里)
RSS