Federal Cyber Incidents Rose 39% in 2010OMB: Nearly One Third of Incidents Involved Malicious Code
OMB's annual report to Congress also revealed that phishing represented more than half of the 107,439 cyber incidents compiled by the United States Computer Emergency Readiness Team for FY2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams. Thirty-nine percent of the incidents came from the federal government. "Malicious code through multiple means (e.g., phishing, virus, logic bomb) continues to be the most widely used attack approach," the report said.
Among federal agencies, 31 percent of cyber incidents last year involved malicious code. Unauthorized access represented nearly 14 percent of reported incidents; improper usage, 17 percent; scans, probes and attempted access, 27 percent; and denial of service, 0.1 percent. More than 27 percent of federal incidents were categorized as under investigation or other.
Here's the breakdown of the 107,439 incidents reported to U.S.-CERT in FY2010:
- Phishing: 56,579 incidents, 52.7 percent of incidents.
Virus/Trojan/worm/logic bomb: 11,001, 10.2 percent
Malicious website: 7,971, 7.4 percent
Non-cyber: 7,741, 7.2 percent
Policy violation: 6,888, 6.4 percent
Equipment theft/loss: 5,395, 5 percent
Suspicious network activity: 3,121, 2.9 percent
Attempted access: 2,712, 2.5 percent
Social engineering: 1,571, 1.5 percent
An incident, as defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies or standard computer security practices.