Phishing remains the main threat

Cyber incidents affecting US Government information systems rose by 39 percent to 41,776 and Phishing remained the main threat faced by organisations.



The report also revealed that phishing represented more than half of the 107,439 cyber incidents compiled by the United States Computer Emergency Readiness Team for FY2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams. Thirty-nine percent of the incidents came from the federal government. “Malicious code through multiple means (e.g., phishing, virus, logic bomb) continues to be the most widely used attack approach,” the report said.



Among federal agencies, 31 percent of cyber incidents last year involved malicious code. Unauthorized access represented nearly 14 percent of reported incidents; improper usage, 17 percent; scans, probes and attempted access, 27 percent; and denial of service, 0.1 percent. More than 27 percent of federal incidents were categorized as under investigation or other.



Here’s the breakdown of the 107,439 incidents reported to U.S.-CERT in FY2010:



Phishing: 56,579 incidents, 52.7 percent of incidents.
Virus/Trojan/worm/logic bomb: 11,001, 10.2 percent
Malicious website: 7,971, 7.4 percent
Non-cyber: 7,741, 7.2 percent
Policy violation: 6,888, 6.4 percent
Equipment theft/loss: 5,395, 5 percent
Suspicious network activity: 3,121, 2.9 percent
Attempted access: 2,712, 2.5 percent
Social engineering: 1,571, 1.5 percent



Full Links to the story https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/FY10_FISMA.pdf



The report also stated that there were repeated attacks on zero-day vulnerabilities through social engineering. Attackers from criminal entities and other actors aggressively exploited zero-day vulnerabilities in applications and products throughout the year. Exploit codes for these vulnerabilities often became publicly available, which placed Federal agencies, private organizations, and individuals at increased risk. These attacks typically require social engineering to trick users into visiting compromised web sites hosting malware or opening a malicious attachment to execute the malware on a user’s system.


There are lots of interesting information in the report which provides changing threat profile