Government agencies last year reported 525 cybersecurity threats, nine of which were relatively severe, a report released by the Executive Yuan’s Department of Cyber Security showed.
Information security threats are classified into four severity levels, with level 1 indicating the least serious threat and level 4 the most serious.
Last year, there were 451 level 1 attacks and 65 level 2 attacks on government agencies, department data showed.
Nine level 3 attacks were also recorded, but nothing merited a level 4 classification.
The main types of threats were unauthorized access, Web page attacks, equipment issues and denial of service attacks, the department said.
Unauthorized access was the most common type, comprising 68.8 percent of all threats, it said, adding that the primary causes were vulnerabilities in third-party products, failure of hosts to automatically install updates and remote connection management issues.
Other cases involved ransomware attacks, malware attacks on security systems, latent malware on internal agency networks and systems built by contractors becoming a springboard for infiltration, the department added.
Web page attacks, or the improper control of permissions, file format restrictions and third-party updates targeted by hackers, comprised 6.7 percent of all reported threats, it said.
Threats were nearly evenly split between the central and local governments, with 49 percent of reports coming from federal agencies and 51 percent originating from local agencies, it added.
In its report, which was released late last month, the department recommended how to counter five categories of threats: personal information leaks, ransomware denial of service attacks, malware seeded due to non-updated firmware, persistent attacks designed to steal sensitive data and external supply chain hacks.
For example, in one of the level 3 threats, hackers extracted the login information of a firm handling equipment maintenance for a government agency, the report said.
They were then able to access other equipment within the agency and use ransomware to encrypt data, making normal operation impossible until the hackers released the system, it said.
Ransomware attacks have become a regular occurrence, the report said, adding that response measures hinge on shortening the recovery time.
Agencies should also be sure to patch vulnerabilities and update firmware, implement access controls on internal networks, create off-site backups and conduct regular response drills, it added.
In addition, government agencies should not use equipment or software created in China, the report said.
‘DENIAL DEFENSE’: The US would increase its military presence with uncrewed ships, and submarines, while boosting defense in the Indo-Pacific, a Pete Hegseth memo said The US is reorienting its military strategy to focus primarily on deterring a potential Chinese invasion of Taiwan, a memo signed by US Secretary of Defense Pete Hegseth showed. The memo also called on Taiwan to increase its defense spending. The document, known as the “Interim National Defense Strategic Guidance,” was distributed this month and detailed the national defense plans of US President Donald Trump’s administration, an article in the Washington Post said on Saturday. It outlines how the US can prepare for a potential war with China and defend itself from threats in the “near abroad,” including Greenland and the Panama
A wild live dugong was found in Taiwan for the first time in 88 years, after it was accidentally caught by a fisher’s net on Tuesday in Yilan County’s Fenniaolin (粉鳥林). This is the first sighting of the species in Taiwan since 1937, having already been considered “extinct” in the country and considered as “vulnerable” by the International Union for Conservation of Nature. A fisher surnamed Chen (陳) went to Fenniaolin to collect the fish in his netting, but instead caught a 3m long, 500kg dugong. The fisher released the animal back into the wild, not realizing it was an endangered species at
The High Prosecutors’ Office yesterday withdrew an appeal against the acquittal of a former bank manager 22 years after his death, marking Taiwan’s first instance of prosecutors rendering posthumous justice to a wrongfully convicted defendant. Chu Ching-en (諸慶恩) — formerly a manager at the Taipei branch of BNP Paribas — was in 1999 accused by Weng Mao-chung (翁茂鍾), then-president of Chia Her Industrial Co, of forging a request for a fixed deposit of US$10 million by I-Hwa Industrial Co, a subsidiary of Chia Her, which was used as collateral. Chu was ruled not guilty in the first trial, but was found guilty
DEADLOCK: As the commission is unable to forum a quorum to review license renewal applications, the channel operators are not at fault and can air past their license date The National Communications Commission (NCC) yesterday said that the Public Television Service (PTS) and 36 other television and radio broadcasters could continue airing, despite the commission’s inability to meet a quorum to review their license renewal applications. The licenses of PTS and the other channels are set to expire between this month and June. The National Communications Commission Organization Act (國家通訊傳播委員會組織法) stipulates that the commission must meet the mandated quorum of four to hold a valid meeting. The seven-member commission currently has only three commissioners. “We have informed the channel operators of the progress we have made in reviewing their license renewal applications, and
RSS