Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
Fast food chain McDonald's is to raise prices by up to NT$5 on some products at its restaurants across Taiwan, starting on Wednesday next week, the company announced today. The prices of all extra value meals and sharing boxes are to increase by NT$5, while breakfast combos and creamy corn soup would go up by NT$3, the company said in a statement. The price of the main items of those meals, if ordered individually, would remain the same. Meanwhile, the price of a medium-sized lemon iced tea and hot cappuccino would rise by NT$3, extra dipping sauces for chicken nuggets would go up
Nvidia Corp CEO Jensen Huang (黃仁勳) arrived in Taiwan yesterday ahead of upcoming AI and technology events, saying he plans to meet with clients and Taiwan Semiconductor Manufacturing Co Chairman C.C. Wei (魏哲家) during his visit. After landing at Taipei Songshan Airport, Huang posed for photos with fans and handed out Yakult drinks to reporters and supporters waiting at the scene, saying he has “a lot to do” during the trip. Asked about reports that Nvidia’s planned headquarters site in Taipei’s Beitou Shilin Technology Park could break ground on May 27, Huang said that if the company holds an event, he would
FUKUOKA SITUATION: Japanese media reported that the pathogen is expected to be identified by the summer, while the CDC downplayed the idea that it was hMPV A “mysterious cold-like illness” reported in Japan’s Fukuoka Prefecture does not seem to be a new disease, but Japanese authorities have been asked about the situation, the Centers for Disease Control (CDC) said yesterday. The Fukuoka Prefectural Medical Association on Wednesday told a news conference that a “mystery cold” that has become a hot topic on social media is “highly likely to be caused by some kind of viral infection,” Japan’s KBC News reported. “Many people are experiencing symptoms starting with a sore throat, followed by a runny nose, phlegm and a severe cough,” KBC News reported, citing association officials. Health authorities are
Carrefour Taiwan is to begin using a new name from the start of July, but it cannot divulge the name until then, the chairman of the supermarket chain's parent company said today. President Chain Store Co chairman Lo Chih-hsien (羅智先) was asked by reporters after a shareholders' meeting to confirm whether the company has settled on a new name for the supermarket brand. In March, the government-registered name of two Carrefour Taiwan branches was quietly changed to "Le Chia Kang" (樂家康) in Chinese, raising speculation that has been selected as the name. Lo said that because of local regulations and contractual obligations, the
RSS