According to the OMB report to Congress on Federal Information Security Management Act (FISMA) compliance, there were 41,776 malicious attacks against federal networks reported to the US Computer Emergency Readiness Team (US-CERT) in FY 2010, up 39% from the 30,000 malicious attacks reported in FY 2009.
At the same, the total number of incidents reported to US-CERT from the federal government, the private sector, and the public declined, from 108,710 incidents in FY 2009 to 107,439 incidents in FY 2010.
Injection of malicious code through phishing, viruses, logic bombs, and other means continues to be the most widely used attack approach against federal agencies, the report found. Malicious code accounted for 31% of total incidents reported by federal agencies, followed by improper usage with 17.5%, unauthorized access with 13.8%, scans and probes with 10.6%, and denial of service with only 0.1%. A full 27.2% of incidents are still under investigation.
The OMB report found that there were repeated attacks on zero-day vulnerabilities through social engineering. Attackers aggressively exploited zero-day vulnerabilities in applications and products throughout FY 2010.
“Exploit codes for these vulnerabilities often became publicly available, which placed federal agencies, private organizations, and individuals at increased risk. These attacks typically require social engineering to trick users into visiting compromised web sites hosting malware or opening a malicious attachment to execute the malware on a user’s system”, the report said.
The FY 2010 report benefited from federal agencies being required to submit their FISMA reports through CyberScope, a reporting tool that streamlines and automates the FISMA reporting system. Going forward, federal agencies will be required to submit FISMA reports once a month, rather than once a year, using the CyberScope system.