Ex ante joint defense and monitoring
    A total of 64,806 pieces of government agency cybersecurity joint defense intelligence were collected this month (an increase of 13,294 from the previous month). Analyzing the types of identifiable threats, the top identifiable threat was information collection (51%), i.e., mainly obtaining information through attacks such as scanning, detection, and social engineering. This was followed by hacking attempts (17%), which were mainly attempts to hack unauthorized hosts; and intrusion attacks (15%), most of them involving unauthorized access to systems or acquisition of system/user privileges. The distribution of intelligence volume in the past year is as shown in Figure 1.
    After further compilation and analysis of joint defense intelligence, it was discovered that hackers have recently begun using cloud storage services such as Dropbox as locations from which to distribute malware. The hackers have been sending social engineering emails under the pretext of copyright infringement to trick agency personnel into accessing a cloud storage and using this legitimate storage space to disguise their illegal activities in order to attack government agencies. Therefore, agencies should set management regulations and restrictions on the use of cloud storage services. The relevant information has been provided to agencies with recommendations for joint defense, monitoring and protections.

In-process reporting and responding
    The number of cybersecurity incident reports totaled 151 this month (an increase of 24 from the previous month), an increase of 17.05% compared to the same period last year. This is mainly due to the increase in successful attacks related to this month’s military exercises, which accounted for 54.97% of the total number of reports this month. The statistics of cybersecurity incident reports in the past year are as shown in Figure 2.

Post information sharing
    This month, the National Institute of Cyber Security found that emails from government agencies were being illegally forwarded to suspicious external mailboxes. After an investigation, the agency discovered that the email system offered a password reminder feature. The reminder messages set by users revealed too much information, allowing hackers to decrypt users’ passwords and log into their email accounts. The hackers then changed the auto-forwarding feature setting and forwarded emails to external suspicious mailboxes. The agency has reviewed and fully updated the passwords of the hacked accounts and disabled the auto-forwarding feature.
    To prevent users from setting passwords that are too simple and can be easily cracked, systems usually require users to set passwords that have a certain level of complexity. However, to prevent overly complex passwords from being forgotten, users may reveal too much information in the password reminder prompts, increasing the risk of their accounts being exploited. To effectively minimize such risks, agencies should consider disabling or limiting the password reminder feature to ensure that the reminder message does not contain the password itself or excessive information. In addition, agencies should explore the use of multi-factor authentication or a one-time password authentication mechanism to reduce the risk of brute-force password cracking and strengthen abnormal behavior detection mechanisms to monitor abnormal logins and behaviors in real time.