Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
WANG RELEASED: A police investigation showed that an organized crime group allegedly taught their clients how to pretend to be sick during medical exams Actor Darren Wang (王大陸) and 11 others were released on bail yesterday, after being questioned for allegedly dodging compulsory military service or forging documents to help others avoid serving. Wang, 33, was catapulted into stardom for his role in the coming-of-age film Our Times (我的少女時代). Lately, he has been focusing on developing his entertainment career in China. The New Taipei District Prosecutors’ Office last month began investigating an organized crime group that is allegedly helping men dodge compulsory military service using falsified documents. Police in New Taipei City Yonghe Precinct at the end of last month arrested the main suspect,
A cat named Mikan (蜜柑) has brought in revenue of more than NT$10 million (US$305,390) for the Kaohsiung MRT last year. Mikan, born on April 4, 2020, was a stray cat before being adopted by personnel of Kaohsiung MRT’s Ciaotou Sugar Refinery Station. Mikan was named after a Japanese term for mandarin orange due to his color and because he looks like an orange when curled up. He was named “station master” of Ciaotou Sugar Refinery Station in September 2020, and has since become famous. With Kaohsiung MRT’s branding, along with the release of a set of cultural and creative products, station master Mikan
Eleven people, including actor Darren Wang (王大陸), were taken into custody today for questioning regarding the evasion of compulsory military service and document forgery, the New Taipei District Prosecutors’ Office said. Eight of the people, including Wang, are suspected of evading military service, while three are suspected of forging medical documents to assist them, the report said. They are all being questioned by police and would later be transferred to the prosecutors’ office for further investigation. Three men surnamed Lee (李), Chang (張) and Lin (林) are suspected of improperly assisting conscripts in changing their military classification from “stand-by
LITTORAL REGIMENTS: The US Marine Corps is transitioning to an ‘island hopping’ strategy to counterattack Beijing’s area denial strategy The US Marine Corps (USMC) has introduced new anti-drone systems to bolster air defense in the Pacific island chain amid growing Chinese military influence in the region, The Telegraph reported on Sunday. The new Marine Air Defense Integrated System (MADIS) Mk 1 is being developed to counter “the growing menace of unmanned aerial systems,” it cited the Marine Corps as saying. China has constructed a powerful defense mechanism in the Pacific Ocean west of the first island chain by deploying weapons such as rockets, submarines and anti-ship missiles — which is part of its anti-access/area denial (A2/AD) strategy against adversaries — the
RSS