Lieutenant General Nguyen Minh Chinh, Director of the Department of Cyber ​​Security (A05, Ministry of Public Security), Permanent Vice President of the National Cyber ​​Security Association, commented: The situation of attacks, appropriation, and trading of personal and organizational data over the network is complicated, changing rapidly, using many criminal methods, with scenarios and directions when carrying out cyber attacks.

In Vietnam, in the first 6 months of 2024, there were 2,364 fraudulent domain names targeting users and customers of large organizations, an increase of 1.2 times compared to the same period in 2023; 496 fake pages, illegally using the brands of large organizations in Vietnam, an increase of 4 times compared to the same period in 2023; 495,000 DDoS attacks in various forms.

3 Terabytes of data were attacked by ransomware with total estimated damage of more than 10 million USD. In particular, the Lockbit group's attack on VNDirect Securities Corporation and the attacks on the websites of Vietnam Oil Corporation (PVOil), Post and Telecommunication Insurance Corporation (PTI), IPA Investment Group Joint Stock Company; IPA Securities Investment Fund Management Company Limited (IPAAM), caused great damage to the business.

One of the main causes of the above problem is the state of loopholes that cause information and data to be leaked from many organizations and individuals. In the first 6 months of 2024, the Technical Monitoring System of the Information Security Department (Ministry of Information and Communications) recorded 90,033 weaknesses and information security vulnerabilities of agencies and organizations in Vietnam. The number of serious incidents that the department had to handle increased by nearly 60% compared to 2023.

Viettel Cyber ​​Security (VCS) recorded 46 information leaks with about 13 million customer data records for sale, 12.3 GB of source code, 16 GB of data. There were about 17,000 new vulnerabilities, of which more than half were high-level and serious vulnerabilities with 71 vulnerabilities related to hundreds of millions of accounts and customer information leaked from organizations and businesses in Vietnam.

The situation of personal information such as phone number, full name, address, ID card number, account number, etc. of people being leaked is very common. People not only receive scam messages and fake links but are also harassed by phone calls offering various services.

Mr. Nguyen Van Hung, a retired official in Xuan La (Tay Ho district, Hanoi) said that he often receives phone calls inviting him to invest in stocks, give him vouchers for vacation tours, invite him to try wine or receive rewards from businesses... He said that a few years ago, he had a transaction to buy an apartment, perhaps because of that, his personal information was leaked.

The main cause of information leakage is due to the carelessness of users who are not aware of protecting personal data or who do not take adequate protection measures, publicly post personal information on cyberspace or have personal data leaked during the process of transferring, storing, or exchanging information.

Normal activities in data backup; repair, sale, liquidation of personal information devices such as mobile phones, computers, hard drives... even if users carefully delete data, still have the potential risk of disclosure.

For organizations and businesses, it is due to loopholes in systems, applications, and software; laxity in compliance with regulations and information discipline on the network environment; loopholes in customer information security policies. There are even businesses that intentionally give customer information to third parties for many unhealthy purposes.

The Ministry of Public Security warns that there are three main groups of scams on the Internet: Brand counterfeiting, account hijacking, and other combinations with 24 forms of scams. Cybersecurity expert Ngo Minh Hieu (Hieu PC) commented that the main cause of information leakage is lack of knowledge, lack of measures and procedures to protect data, and loose control in collecting, processing, storing, and exploiting information.

According to Mr. Vu Xuan Nguyen, Chairman of the Board of Directors of IGB Joint Stock Company, specializing in software and technology, to prevent information leakage, businesses need to implement the following measures: Multi-factor authentication (MFA) and access management, ensuring that only authorized persons have access to sensitive information; encrypting data both during storage and transmission; End-to-End Encryption to ensure that only designated recipients can decrypt and read information; continuous monitoring and early detection of intrusions using technologies such as intrusion detection systems (IDS) and intrusion prevention systems (IPS); training and improving security skills for employees on phishing identification (email fraud), basic security skills and information processing procedures to help reduce the risk of leakage from human factors.

In particular, data must be backed up regularly in case of security incidents or data loss. IGB has applied international security standards ISO/IEC 2700I, using SSL/TLS encryption for all online connections.

The National Cyber ​​Security Association has proposed building a platform to connect and share cybersecurity information, helping organizations proactively respond to incidents, monitor new criminal attack tools and techniques, provide early warnings of threats, support strategic decision making; help organizations protect digital assets and maintain data safety and security.

The association also launched a free anti-fraud nTrust application for smartphones that helps detect signs of fraud by checking phone numbers, account numbers, website links and QR codes. The nTrust software has more than 1 million verified records, compiled from data sources of the Ministry of Public Security, the Ministry of Information and Communications, the State Bank of Vietnam and the association's member cybersecurity organizations.

On October 8, the association officially launched the VnDPO Personal Data Protection Expert Training Program. Trainees will receive intensive training with practice time accounting for 60% of the total program duration. Through the National Malicious Domain Name Warning and Prevention System, by June 2024, the Information Security Department (Ministry of Information and Communications) had blocked 3,170 online fraud websites, protecting more than 10 million people from fraudulent and illegal websites.