The attack on the technology system of VNDIRECT Securities Joint Stock Company (VNDirect) is a warning for all securities companies as well as financial institutions to proactively review their network security systems.
Data encryption attack
On the morning of March 26, VNDirect retrieved the “key” to decrypt the data, hoping to fully recover the data. Normally, a company with a backup system will be put into operation soon in case the main system is attacked. “However, in VNDirect’s case, the backup system may have been attacked, not just the main system, causing the recovery time to be extended and the system to be “disconnected” as happened,” said Mr. Vu Ngoc Son, Technology Director, National Cyber Security Company NCS.
VNDirect has announced that it plans to reconnect with exchanges and investors to trade normally from Thursday (March 28, 2024). This is not too long, with a large amount of data like VNDirect's, recovery needs to be calculated in days. "If VNDirect can do as announced, it is a great effort, worthy of recognition," commented Mr. Vu Ngoc Son.
Ms. Vo Duong Tu Diem, Director of Kaspersky Vietnam, said: “Recently, we have had many warnings about the risks of attacks on financial systems. We all know that no system is absolutely safe, so banks and financial institutions need to focus on investing in information security to reduce the possibility of malicious agents invading the systems of organizations.”
“4-layer” safety guarantee
According to an expert from the Vietnam Information Security Association, the attack on the VNDirect system is a warning to organizations about the need to invest more in IT systems, including network security. It is time for securities companies to ensure network information security for their systems according to the "4-layer" defense model guided by the Ministry of Information and Communications.
According to a technical report conducted by the National Cyber Security Monitoring Center under the Department of Information Security, in January and February 2024, the center's technical system recorded 71,877 and 76,507 weaknesses and information security vulnerabilities in information systems of state agencies and organizations.
Talking about the risk of cyber attacks on financial systems, Mr. Yeo Siang Tiong, General Manager of Southeast Asia of Kaspersky, shared: “Currently, as financial technology advances, banks open more connection ports, integrate with third-party applications... This has inadvertently created opportunities for cybercriminals to carry out acts of sabotage of important systems, so financial systems must be even more careful.”
The Department of Information Security (Ministry of Information and Communications) has just issued a warning about 6 high-level and serious information security vulnerabilities in Microsoft products announced in March 2024. Specifically, the information security vulnerabilities in Microsoft products warned to units in Vietnam this time are: CVE-2024-21408 in Windows Hyper-V, CVE-2024-26198 in Microsoft Exchange Server, CVE-2024-21407 in Windows Hyper-V, CVE-2024-21334 in Open Management Infrastructure - OMI, CVE-2024-21426 in Microsoft SharePoint and CVE-2024-21411 in Skype for Consumer.
TRAN LUU - BA TAN
Source
Comment (0)