Below are methods used to install malicious software by e-mail:
• Send an e-mail with an MS Office file attachment
• Insert a download link in the e-mail content
• Send an archived file with a password
After it was reported that the e-mails containing the registered malicious software were sent from addresses of government agencies and private sectors, it was clear that
these were deliberate attacks. By monitoring e-mail subject lines, we concluded that subjects referring to global
or Mongolian trending or breakthrough news were the main reason recipients opened suspicious e-mails. Examined e-mail subject lines:
• About government structure
• Vaccine tests against ebola virus were successful.
• For improving security of E-MAIL system.
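As an added illustration (not part of the original report), the following Python code triages a raw message for the three delivery methods listed above: an MS Office attachment, a download link in the body, and a password-protected archive. The extension list, the label names and the constructed sample message are assumptions made for this example, and the archive check only reads the ZIP encryption flag.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> set:
    """Return which of the three delivery methods a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            hits.add("office_attachment")
        elif name.endswith(".zip") and zip_is_encrypted(part.get_payload(decode=True) or b""):
            hits.add("password_archive")
        elif not name and part.get_content_maintype() == "text":
            if URL_RE.search(part.get_content()):
                hits.add("download_link")
    return hits

def constructed_sample() -> bytes:
    """Constructed message (not real traffic) exercising all three checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01  # set encryption bit in central directory
    msg = EmailMessage()
    msg["Subject"] = "For improving security of E-MAIL system."
    msg.set_content("Update here: http://example.invalid/update")
    msg.add_attachment(b"stub", maintype="application", subtype="octet-stream", filename="notice.docx")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="archive.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(sorted(triage(constructed_sample())))
```

A match is a reason to quarantine or inspect the message further, not proof that it is malicious.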
2.2. Statistics
Currently, MNCERTCC’s constituency includes all kinds of organizations, such as business companies, private sector organizations, NGOs and the general public. The
summary of activities carried out by MNCERTCC during the year 2014 is given in the following chart. The chart summarizes the critical
incidents that were registered nationwide: scan 36, incidents towards web page 23, web pages with security holes 19, computers occupied by attackers 12,
others 10. In 2014, scan threats and vulnerable websites increased dramatically.
[Chart: Scans 39; Website defacement 17; Vulnerable website 19; Botnet zombie IPs 15; Others 10]
Scans
Reflecting on the security and threat landscape of 2014, one trend that stands out is the growing ability of malware hosts. Overall, after inspecting the critical requests
that came in during 2014, the majority of the scans were intended to reveal websites’ sensitivity and to collect network hosts as well as information about those hosts. The ICMP protocol is used
for getting network hosts’ information and recognizing specific services’ functionality on every host in that network. These scans were made mostly against
government agencies. Malware propagation through websites of the private and government sectors was observed constantly. The growing
number of website incidents comes from not using the software license warranty and from staff’s lack of knowledge.
Websites with Vulnerability
Government agencies - 21,3 and private sectors - 17,15 are at “high risk” level. Websites of government agencies and private sectors are under attack mostly because of
the responsible personnel’s lack of knowledge and skills and because of incomplete setups.
Website defacement:
Government agencies – 12
Private sectors – 23
During the monitoring period, zombie botnets have gradually become widespread, resilient and camouflaged, and they seem to be finding some dangerous new targets
in the government and private sectors, because responsible personnel leave servers and computers on while not in use, users lack academic
knowledge and practice, and the necessary software updates are not made.
Botnet and zombie IPs - 15,3
In 2014, out of all data directed to government agencies and private sectors, 85,70 were transmitted by TCP and 13,36 by UDP.
Other incidents: 10
The following chart shows the location of the host scans.
3. Events organized / co-organized
3.1. Competition