Government agencies have weak encryption methods, inadequate screening against injection attacks and experience broken access controls, according to the latest report published by the Ministry of Digital Affairs’ (MODA) Administration for Cyber Security.
Each year, the agency selects one government Web site that is publicly accessible for a live security exercise. After the exercise, it compiles a report detailing the information security risks found.
There were 83,105 thwarted cyberattack incidents last month, down 13,070 compared with the previous month, the report said.
Photo: Reuters
The top threats were information gathering probes, comprising 52 percent of attacks, invasive attacks at 21 percent and attempts at system invasion at 16 percent, according to the report.
Hackers have used third-party e-mail services to bombard certain government agencies with phishing e-mails containing files that read like petitions, with the malware creating backdoors for hackers and allowing them access to sensitive information, it said.
Forty information security incidents were reported last month, down 13 from the previous month, the report said.
About 47.5 percent of incidents were caused by agency equipment connecting to rogue relay stations, users downloading malware using agency networks, or connections to applications that would steal data or insert malware, it said.
Only a portion of government agency employees are screening sensitive data by converting the files using built-in masking functions from PDF software, it added.
The Administration for Cyber Security said such efforts are easily cracked, and users should “scrub” their files before converting them to an image file.
The report said government Web sites exhibited a weakness against injection attacks and posed a possible breakthrough point for hackers.
Government agencies should identify and remove such vulnerabilities, the report said, adding that special characters should be included in a filter list to prevent injection attacks.
Injection attacks are instances where hackers manipulate vulnerabilities in coding to inject malware or trick systems into allowing them to access data that should not be available to ordinary users.
Government Web sites are vulnerable to broken access controls, allowing some users to access files previously inaccessible via path traversal attacks, the report said.
Government agencies must implement access controls for files and data, and ensure that users cannot access files via path traversal attacks, which use an affected application to access files and system folders higher in the directory hierarchy than the Web root folder on the server, it said.
A strong continental cold air mass and abundant moisture bringing snow to mountains 3,000m and higher over the past few days are a reminder that more than 60 years ago Taiwan had an outdoor ski resort that gradually disappeared in part due to climate change. On Oct. 24, 2021, the National Development Council posted a series of photographs on Facebook recounting the days when Taiwan had a ski resort on Hehuanshan (合歡山) in Nantou County. More than 60 years ago, when developing a branch of the Central Cross-Island Highway, the government discovered that Hehuanshan, with an elevation of more than 3,100m,
Death row inmate Huang Lin-kai (黃麟凱), who was convicted for the double murder of his former girlfriend and her mother, is to be executed at the Taipei Detention Center tonight, the Ministry of Justice announced. Huang, who was a military conscript at the time, was convicted for the rape and murder of his ex-girlfriend, surnamed Wang (王), and the murder of her mother, after breaking into their home on Oct. 1, 2013. Prosecutors cited anger over the breakup and a dispute about money as the motives behind the double homicide. This is the first time that Minister of Justice Cheng Ming-chien (鄭銘謙) has
TRANSPORT CONVENIENCE: The new ticket gates would accept a variety of mobile payment methods, and buses would be installed with QR code readers for ease of use New ticketing gates for the Taipei metro system are expected to begin service in October, allowing users to swipe with cellphones and select credit cards partnered with Taipei Rapid Transit Corp (TRTC), the company said on Tuesday. TRTC said its gates in use are experiencing difficulty due to their age, as they were first installed in 2007. Maintenance is increasingly expensive and challenging as the manufacturing of components is halted or becoming harder to find, the company said. Currently, the gates only accept EasyCard, iPass and electronic icash tickets, or one-time-use tickets purchased at kiosks, the company said. Since 2023, the company said it
Ferry operators are planning to provide a total of 1,429 journeys between Taiwan proper and its offshore islands to meet increased travel demand during the upcoming Lunar New Year holiday, the Maritime and Port Bureau said yesterday. The available number of ferry journeys on eight routes from Saturday next week to Feb. 2 is expected to meet a maximum transport capacity of 289,414 passengers, the bureau said in a news release. Meanwhile, a total of 396 journeys on the "small three links," which are direct ferries connecting Taiwan's Kinmen and Lienchiang counties with China's Fujian Province, are also being planned to accommodate
RSS