《TAIPEI TIMES》 Officials face barrage of cyberthreats
BACKBONE HACKED: The Department of Cybersecurity said that while the unusually high number of unidentified incidents is cause for concern, more analysis is needed
By Lu Yi-hsuan and Jonathan Chin / Staff reporter, with staff writer
The Executive Yuan’s Department of Cybersecurity last month detected 99,293 cybersecurity threats involving the government’s backbone networks, the highest number of monthly incidents in nearly two years, according to the department’s monthly cybersecurity bulletin.
The report said that 40 percent of the incidents have yet to be investigated, while 23 percent were confirmed cyberattacks and 18 percent were probes.
While the number of cyberattacks and probes falls within expectations, the large number of unidentified incidents is cause for concern, department Director-General Jyan Hong-wei （簡宏偉） said yesterday.
“In some cases, a judgement cannot be made immediately following an incident report,” he said.
“These incidents have to be matched against the tracking database, while further analysis and investigation could take time, ranging from many months to a year,” he said.
“We have to understand what they are: whether they are a novel form of attack or whether they foreshadow a large-scale attack,” he added.
Fifty-two of last month’s incidents were reported while they were happening, and the majority of those were detected by information technology centers, the report said.
Among these incidents, 53.8 percent involved malware, denial of service attacks and insertion of cryptocurrency mining software, the report added.
Notably, a state apparatus listed as category A regarding cybersecurity responsibility suffered a breach of its noncore operating system in the form of Domain Name System tunneling, the report said.
It is believed that a hacker used a Structured Query Language injection technique to attack a platform for renting public venues and obtained system administrator privileges, the report said.
The affected server was removed from the network and its data was backed up for outside security firms to examine, it said.
“This incident illustrates the point that hackers might target noncore operating systems for attack,” the report said.
“This really should not have happened,” Jyan said. “Although most apparatuses are focused on securing core operating systems, the department remains highly concerned with the noncore systems that could become gaps in our defense.”
“The monthly report is a reminder to government agencies that all systems need to be tested for weaknesses and their vulnerabilities patched,” Jyan added.