We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is to monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Incident Statistics for January 2019

Thursday, February 14, 2019 - 14:46

These statistics relate only to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events than to their actual rates of incidence.

For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.

Please note that the monthly statistics related to malware infection for September 2018 are under-represented due to a data collection issue. This has since been addressed.

Further information on our classification scheme is available.

Compromise 7
Copyright 157
Denial of Service 38
General Query 17
LEA Query 4
Malware 139
Misconfiguration 3
Other 3
Phishing 53
Scanning 9
Social Engineering 0
Unauthorised Use 7
Unclassified 0
Undetermined 1
Unknown 4
Unsolicited Bulk Email 10

The month of January 2019 showed a noteworthy increase in the number of phishing incidents: the average over the previous months was +/-16 incidents per month, and January saw that rise to 53 incidents.

This is due to several new criminal campaigns that have become far more sophisticated in their mode of operation and complexity. The two most widespread campaigns affected both higher education and further education constituents in quite equal measure. The "Green Button" and, a few weeks later, "Blue Button" phishing attacks proved very successful in harvesting large numbers of user credentials from students and staff at affected organisations.

There is also another phishing exploit, commonly known as "Whale Phishing". These emails are sent from a fake external email address, e.g. colleagues.name@gmail.com or something similar. Often the emails are made to look as if they've come from senior colleagues. This type of phishing is known as whaling because of the senior level of the intended targets in the organisation. It is a more refined version of the Spear Phishing that we see quite regularly.

Malware is still the highest-rated category of incident currently being dealt with, at 139 incidents (following the automated handling of "alleged copyright infringement notices"). This varies from some ancient malware variants that have been in the wild for years to a range of data-stealing, advanced persistent threat malware that is much better at avoiding detection.