Government agencies last year reported 525 cybersecurity threats, nine of which were relatively severe, a report released by the Executive Yuan’s Department of Cyber Security showed.
Information security threats are classified into four severity levels, with level 1 indicating the least serious threat and level 4 the most serious.
Last year, there were 451 level 1 attacks and 65 level 2 attacks on government agencies, department data showed.
Nine level 3 attacks were also recorded, but nothing merited a level 4 classification.
The main types of threats were unauthorized access, Web page attacks, equipment issues and denial of service attacks, the department said.
Unauthorized access was the most common type, comprising 68.8 percent of all threats, it said, adding that the primary causes were vulnerabilities in third-party products, failure of hosts to automatically install updates and remote connection management issues.
Other cases involved ransomware attacks, malware attacks on security systems, latent malware on internal agency networks and systems built by contractors becoming a springboard for infiltration, the department added.
Web page attacks, or the improper control of permissions, file format restrictions and third-party updates targeted by hackers, comprised 6.7 percent of all reported threats, it said.
Threats were nearly evenly split between the central and local governments, with 49 percent of reports coming from federal agencies and 51 percent originating from local agencies, it added.
In its report, which was released late last month, the department recommended how to counter five categories of threats: personal information leaks, ransomware denial of service attacks, malware seeded due to non-updated firmware, persistent attacks designed to steal sensitive data and external supply chain hacks.
For example, in one of the level 3 threats, hackers extracted the login information of a firm handling equipment maintenance for a government agency, the report said.
They were then able to access other equipment within the agency and use ransomware to encrypt data, making normal operation impossible until the hackers released the system, it said.
Ransomware attacks have become a regular occurrence, the report said, adding that response measures hinge on shortening the recovery time.
Agencies should also be sure to patch vulnerabilities and update firmware, implement access controls on internal networks, create off-site backups and conduct regular response drills, it added.
In addition, government agencies should not use equipment or software created in China, the report said.
The Coast Guard Administration (CGA) and Chunghwa Telecom yesterday confirmed that an international undersea cable near Keelung Harbor had been cut by a Chinese ship, the Shunxin-39, a freighter registered in Cameroon. Chunghwa Telecom said the cable had its own backup equipment, and the incident would not affect telecommunications within Taiwan. The CGA said it dispatched a ship under its first fleet after receiving word of the incident and located the Shunxin-39 7 nautical miles (13km) north of Yehliu (野柳) at about 4:40pm on Friday. The CGA demanded that the Shunxin-39 return to seas closer to Keelung Harbor for investigation over the
National Kaohsiung University of Science and Technology (NKUST) yesterday promised it would increase oversight of use of Chinese in course materials, following a social media outcry over instances of simplified Chinese characters being used, including in a final exam. People on Threads wrote that simplified Chinese characters were used on a final exam and in a textbook for a translation course at the university, while the business card of a professor bore the words: “Taiwan Province, China.” Photographs of the exam, the textbook and the business card were posted with the comments. NKUST said that other members of the faculty did not see
The Taipei City Government yesterday said contractors organizing its New Year’s Eve celebrations would be held responsible after a jumbo screen played a Beijing-ran television channel near the event’s end. An image showing China Central Television (CCTV) Channel 3 being displayed was posted on the social media platform Threads, sparking an outcry on the Internet over Beijing’s alleged political infiltration of the municipal government. A Taipei Department of Information and Tourism spokesman said event workers had made a “grave mistake” and that the Television Broadcasts Satellite (TVBS) group had the contract to operate the screens. The city would apply contractual penalties on TVBS
EARTHQUAKE: Taipei and New Taipei City accused a construction company of ignoring the Circular MRT’s original design, causing sections to shift by up to 92cm The Taipei and New Taipei City governments yesterday said they would seek NT$1.93 billion (US$58.6 million) in compensation from the company responsible for building the Circular MRT Line, following damage sustained during an earthquake in April last year that had shuttered a section for months. BES Engineering Corp, a listed company under Core Pacific Group, was accused of ignoring the original design when constructing the MRT line, resulting in negative shear strength resistance and causing sections of the rail line between Jhonghe (中和) and Banciao (板橋) districts to shift by up to 92cm during the April 3 earthquake. The pot bearings on
RSS