Government agencies use weak encryption methods, screen inadequately against injection attacks and have broken access controls, according to the latest report published by the Administration for Cyber Security under the Ministry of Digital Affairs (MODA).
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites were weak against injection attacks, giving hackers a possible point of entry.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers exploit vulnerabilities in code to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to use path traversal attacks to access files that would otherwise be inaccessible, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.