Statistics Activities Operations 1. Incident handling reports

Below are methods used to install malicious software by e-mail:

• Send an e-mail with an MS Office file attachment
• Insert a download link into the e-mail content
• Send an archived file with a password

After it was reported that e-mails containing the registered malicious software were sent from addresses of government agencies and the private sector, it was clear that these were intentional attacks. By monitoring e-mail subject lines, we concluded that subjects referring to global or Mongolian trending or breakthrough news were the main reason recipients opened suspicious e-mails.

Examined e-mail subject lines:

• About government structure
• Vaccine tests against ebola virus were successful.
• For improving security of E-MAIL system.

2.2. Statistics

Currently, MNCERTCC’s constituency includes all kinds of organizations, such as business companies, private sector organizations and NGOs, and the general public. The summary of activities carried out by MNCERTCC during the year 2014 is given in the following chart. The chart summarizes the critical incidents that were registered nationwide: scans 36, incidents towards web pages 23, web pages with security holes 19, computers occupied by attackers 12, others 10. In 2014, scan threats and vulnerable websites increased dramatically.

[Chart: Scans 39, Website defacement 17, Vulnerable website 19, Botnet zombie IPs 15, Others 10]

Scans

Reflecting on the security and threat landscape of 2014, one trend that stands out is the growing ability of malware hosts. Overall, after inspecting the critical requests that came in during 2014, the majority of the scans were intended to reveal websites’ sensitivity and to collect network hosts as well as information about those hosts. The ICMP protocol is used for getting network hosts’ information and recognizing specific services’ functionality on every host on that network. These scans were made mostly against government agencies. This mainly shows that malware propagation through websites of the private and government sectors was observed constantly. The growing prevalence of website incidents comes from not using the software license warranty and from human resources’ lack of knowledge.

Websites with Vulnerability

Government agencies - 21,3
Private sectors - 17,15

are at “high risk” level. Mostly due to responsible personnel’s lack of knowledge and skills and to incomplete setups, websites of government agencies and private sectors are under attack.

Website defacement:

Government agencies – 12
Private sectors – 23

During the monitoring period, zombie botnets gradually became more widespread, resilient and camouflaged, and they seem to be finding some dangerous new targets in the government and private sectors. This is because responsible personnel leave servers and computers switched on while not in use, users lack academic knowledge and practice, and the necessary software updates are not made.

Botnet and zombie IPs - 15,3

In 2014, out of all data directed to government agencies and private sectors, 85,70 were transmitted by TCP and 13,36 by UDP.

Other incidents: 10

The following chart shows the locations of the host scans.

3. Events organized / co-organized

3.1. Competition