July 2006 Summary & Trends
Overall, the number of events reported to the STEAM-CIRT continued to decrease slightly from June, although the number of IT Incidents increased.
Contrary to the prediction in last month’s report, the number of classified IT Incidents increased in July by 50%. The increase is attributed in part to several SSH brute force attacks and in part to better IRC Bot detection capabilities brought online by the STEAM-CIRT in July. The number of IRC Bots found by the STEAM-CIRT went up after a new, expanded source of known IRC Bot Controllers was added to our existing detection process.
Several reports of scans for SSH servers using typical usernames and passwords were received in July. This type of scanning is a common occurrence and should be anticipated by any administrator allowing remote SSH access both inside and outside University networks. The STEAM-CIRT recommends enforcing strong passwords, limiting access from remote networks when possible, and performing password strength audits as methods to prevent a user account compromise through this type of attack.
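One way an administrator could spot this kind of scanning in sshd logs, shown as an added example that is not part of the original report or of STEAM-CIRT tooling. It assumes OpenSSH's standard syslog message format; the log lines, addresses, usernames and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Jul 12 03:14:01 host1 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jul 12 03:14:03 host1 sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2
Jul 12 03:14:05 host1 sshd[2105]: Failed password for root from 192.0.2.10 port 40138 ssh2
Jul 12 03:14:07 host1 sshd[2107]: Failed password for invalid user guest from 192.0.2.10 port 40146 ssh2
Jul 12 03:14:09 host1 sshd[2109]: Failed password for jsmith from 192.0.2.10 port 40151 ssh2
Jul 12 03:14:11 host1 sshd[2111]: Accepted password for jsmith from 192.0.2.10 port 40160 ssh2
Jul 12 09:02:40 host1 sshd[3050]: Failed password for akumar from 198.51.100.7 port 51515 ssh2
Jul 12 09:02:52 host1 sshd[3052]: Accepted password for akumar from 198.51.100.7 port 51520 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def analyze(log_text, min_failures=5, min_users=3):
    """Return {source: report} for sources that look like username/password guessing."""
    failures = defaultdict(list)   # source -> usernames that failed, in order
    accepted = defaultdict(set)    # source -> accounts accepted after earlier failures
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src].append(user)
        elif failures.get(src):
            # A success from a source that was already failing deserves a look.
            accepted[src].add(user)
    report = {}
    for src, users in failures.items():
        # Many failures spread over several usernames distinguishes a scan
        # from one person mistyping their own password.
        if len(users) >= min_failures and len(set(users)) >= min_users:
            report[src] = {
                "failures": len(users),
                "usernames": sorted(set(users)),
                "logins_to_review": sorted(accepted.get(src, ())),
            }
    return report

if __name__ == "__main__":
    for src, info in analyze(SAMPLE_LOG).items():
        print(src, info)
```

Any account listed under `logins_to_review` was logged into from a scanning source after failed guesses and is a candidate for a password reset and a closer look.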
Finally, the STEAM-CIRT anticipates that the number of investigable events and classified IT Incidents will increase sharply in August corresponding with the beginning of the Fall academic semester.
Posted by Addam Schroll on September 22, 2006, in Handlers Log.