Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
‘DENIAL DEFENSE’: The US would increase its military presence with uncrewed ships, and submarines, while boosting defense in the Indo-Pacific, a Pete Hegseth memo said The US is reorienting its military strategy to focus primarily on deterring a potential Chinese invasion of Taiwan, a memo signed by US Secretary of Defense Pete Hegseth showed. The memo also called on Taiwan to increase its defense spending. The document, known as the “Interim National Defense Strategic Guidance,” was distributed this month and detailed the national defense plans of US President Donald Trump’s administration, an article in the Washington Post said on Saturday. It outlines how the US can prepare for a potential war with China and defend itself from threats in the “near abroad,” including Greenland and the Panama
A magnitude 4.9 earthquake struck off Tainan at 11:47am today, the Central Weather Administration (CWA) said. The hypocenter was 32.3km northeast of Tainan City Hall at a depth of 7.3km, CWA data showed. The intensity of the quake, which gauges the actual effect of a seismic event, measured 4 in Tainan and Chiayi County on Taiwan's seven-tier intensity scale, the data showed. The quake had an intensity of 3 in Chiayi City and County, and Yunlin County, while it was measured as 2 in Kaohsiung, Nantou County, Changhua County, Taitung County and offshore Penghu County, the data showed. There were no immediate reports of
The Chinese Nationalist Party (KMT) is maintaining close ties with Beijing, the Democratic Progressive Party (DPP) said yesterday, hours after a new round of Chinese military drills in the Taiwan Strait began. Political parties in a democracy have a responsibility to be loyal to the nation and defend its sovereignty, DPP spokesman Justin Wu (吳崢) told a news conference in Taipei. His comments came hours after Beijing announced via Chinese state media that the Chinese People’s Liberation Army’s Eastern Theater Command was holding large-scale drills simulating a multi-pronged attack on Taiwan. Contrary to the KMT’s claims that it is staunchly anti-communist, KMT Deputy
RESPONSE: The government would investigate incidents of Taiwanese entertainers in China promoting CCP propaganda online in contravention of the law, the source said Taiwanese entertainers living in China who are found to have contravened cross-strait regulations or collaborated with the Chinese Communist Party (CCP) could be subject to fines, a source said on Sunday. Several Taiwanese entertainers have posted on the social media platform Sina Weibo saying that Taiwan “must be returned” to China, and sharing news articles from Chinese state media. In response, the Mainland Affairs Council (MAC) has asked the Ministry of Culture to investigate whether the entertainers had contravened any laws, and asked for them to be questioned upon their return to Taiwan, an official familiar with the matter said. To curb repeated