
Cybersecurity Monthly Report (January 2025)


< Overall Threat Trend >

Ex ante joint defense and monitoring

A total of 79,566 pieces of government agency cybersecurity joint defense intelligence were collected this month (a decrease of 3,539 from the previous month). Among identifiable threat types, the most common was information collection (40%), i.e., mainly obtaining information through scanning, detection, and social engineering; followed by malicious content (24%), mostly the spread of inappropriate content in the form of text, photos, videos, etc.; and intrusion attempts (16%), mostly attempts to intrude into unauthorized hosts. The distribution of intelligence volume over the past year is shown in Figure 1.

Further compilation and analysis of joint defense intelligence found that hackers have recently impersonated the National Institute of Cyber Security to launch targeted social engineering email attacks against Taiwanese academic institutions. Under the subject "Cyber Security Attack Warning", the emails urge recipients to run ransomware detection tools in response to ransomware attack activity. The actual intent is to deceive recipients into downloading and executing malicious attachments. Recommendations on joint defense and monitoring based on this intelligence have been provided to government agencies.

 

Figure 1 Statistics of cybersecurity monitoring intelligence in joint defense

In-process reporting and responding

A total of 47 cyber security incident reports were received this month (an increase of 7 from the previous month), which is 0.61 times the number from the same period last year. This month, some agencies were hit by denial-of-service attacks that slowed or interrupted website services; these accounted for 12.77% of the total number of reports. The statistics of cyber security incident reports over the past year are shown in Figure 2.

Figure 2 Number of cybersecurity incident reports

Post information sharing

This month, during an event organized by a certain agency, the event brochure was placed in Google Cloud for the public to download. However, the contracted vendor also uploaded registration information containing personal data to the same cloud space. The access permissions were not properly configured, allowing unauthorized users to access the relevant data, resulting in a personal data leakage incident. After the incident, the agency immediately removed the registrant data from the cloud space and notified the affected individuals in accordance with the relevant provisions of the "Personal Data Protection Act" to reduce potential impact and risk.

【Additional Reference】

When government agencies organize short-term activities, they use cloud space for document sharing and registration data management to improve operational efficiency and convenience. However, if access permissions are not properly controlled, it may lead to the leakage of sensitive data. It is recommended that agencies refer to the relevant provisions in the "Personal Data Protection Act" and the "Cybersecurity Reference Guidelines for Cloud Services Used by Government Agencies" to ensure that when using cloud space to store data, public documents and files containing personal data are stored in different cloud directories or separate storage spaces. Additionally, appropriate access permissions should be set up to protect against unauthorized third-party access or downloads.

In addition, when entrusting activities to vendors, personal data protection responsibilities should be clearly stated in the contract, including data storage methods, access restrictions, retention periods, and deletion mechanisms. Personal data should be removed or archived immediately after the event and should not be stored in cloud storage, to reduce the risk of personal data leakage.

< Key Domestic and International Cyber Security News >

1. Hacker organization MirrorFace targets Japan in cyberattacks; National Police Agency: suspected to be related to a certain government

The hacker organization MirrorFace launched a total of 210 cyberattacks between 2019 and 2024, targeting Japan's Ministry of Defense (equivalent to the Ministry of National Defense) and other government-related units, individuals, think tanks, political figures, journalists, and private companies with advanced technologies (e.g., in the aerospace field). Initially, the attack method involved sending malware through emails with subjects containing enticing terms like "Taiwan Strait" and "Japan-US alliance." After establishing a trust relationship, the attackers would send malicious software to conduct cyberattacks. Around 2023, victims included semiconductor, information, and communication companies.

(Source: Central News Agency)

2. Hackers breach U.S. Department of the Treasury! The Treasury Secretary was also affected, at least 3,000 files leaked

The U.S. Department of the Treasury was recently breached by hackers from a certain country. These government-sponsored hackers successfully hacked into more than 400 computers within the department, specifically targeting high-ranking officials responsible for sanctions, international affairs, and intelligence operations. Even the computer used by U.S. Treasury Secretary Janet Yellen was accessed, with nearly 50 non-classified files accessed.

The U.S. Department of the Treasury regards this incident as a "major event," resulting in the theft of thousands of documents, employee usernames, and passwords. The hacker group is believed to be "Silk Typhoon," an organization that is also widely thought to be backed by a certain government. It has been accused multiple times of launching cyberattacks against high-level U.S. officials. Members of the U.S. Congress are calling for stronger digital protection for sensitive institutions to prevent similar incidents from happening again.

(Source: NOWnews)

3. The rise of DeepSeek raises cyber security concerns

KPMG's cyber security lab, which has long been closely monitoring the risk trends of large language models (LLMs), found that DeepSeek currently still has some cyber security vulnerabilities and has yet to overcome three AI information security risks: cloud security, personal privacy, and information bias.

In industries with high cyber security risk, especially the finance, telecommunications, and high-tech sectors, a comprehensive risk assessment and privacy impact analysis should be conducted when adopting new language models, to reduce potential cyber security risks and thereby protect the companies' core competitiveness, user privacy, and data security.

(Source: Commercial Times)

< Recent Important Cyber Security Conferences and Events >

Since the cyber and communication security subject was introduced in the higher rank civil service examination in 2024 to help government agencies expand recruitment channels for the cyber security workforce, intensive practical training in that subject has been organized for the hired personnel. Over four days, from January 20 to January 23, 2025, instructors with professional and practical experience in cyber security taught a course covering cybersecurity strategy, management, and technology, all aligned with practical everyday work, to help participants quickly acquire the professional knowledge needed for cyber security tasks.

< Changes in Cyber Security Officers and Information Officers >

The Information Officer of the Central Bank, formerly Director Li Rui-Yi, was replaced by Director Chen Gong, effective from January 16, 2025.

The Information Officer of the Overseas Community Affairs Council, formerly held by Vice Chairman Lu Yuan-Rong, was replaced by Vice Chairman Zhang Liang-Min, effective from January 16, 2025.
