This is the "analogy" of Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber ​​Security Center, Department of Cyber ​​Security and High-Tech Crime Prevention (A05), Ministry of Public Security, when asked about the level of danger of hackers lurking in key information technology systems.

W-psx-20240405-151754-1.jpg
Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber ​​Security Center, Department A05, Ministry of Public Security, shared at the seminar on preventing ransomware attacks on the afternoon of April 5 in Hanoi . Photo: Le Anh Dung

At the seminar on preventing ransomware attacks organized by the IT Journalists Club on the afternoon of April 5, Mr. Le Xuan Thuy shared that from his experience in handling cyber attacks, it can be seen that the time hackers can stay in the dark is very long. In some banks, they even conduct draft money transfers. In particular, there are many cases where hackers are more proficient in their work than specialized staff. He cited the example of a unit in the financial sector that was attacked in December 2023, hackers stayed in the dark for a long time, causing damage of nearly 200 billion VND.

Sharing the same view, Mr. Vu Ngoc Son, Head of the Technology Research Department of the National Cyber ​​Security Association, compared hackers to bad guys hiding in supermarkets. They infiltrate the system, thoroughly understand valuable items, cash register codes, layout plans, door codes... then suddenly act, locking all the warehouse so that no one can access it anymore.

W-psx-20240405-152518-1.jpg
Mr. Vu Ngoc Son, Head of Technology Research Department of the National Cyber ​​Security Association, recommends that agencies and organizations should not "wait until the cows are gone before building the barn." Photo: Le Anh Dung

Lying in is one of the 8 steps of data encryption attack, including: detection, intrusion, lying in, encryption, cleaning, extortion, money laundering and repetition. Lying in can last from 3 to 6 months, helping hackers collect information, identify important targets. They aim at three targets: where is the important data, how is the user management system, what are the tasks of the information technology systems. After a period of learning, they can become more expert in that field than the operator.

According to Mr. Pham Thai Son, Deputy Director of the National Cyber ​​Security Monitoring Center - NCSC, Department of Information Security ( Ministry of Information and Communications ), hackers have been lurking for a long time and once they strike, they will be defeated. "The goal of hackers is money. Organizations need to pay more attention to ensuring information security and monitoring the system."

The cyber security situation in Vietnam is increasingly complex, with frequent attacks targeting units with critical systems. Mr. Le Xuan Thuy commented that Vietnam is actively transforming digitally but has not paid due attention to cyber security. When digital transformation flourishes, the imbalance with cyber security increases, increasing the level of risk.

According to the observation of the A05 representative, 24/7 network security monitoring has only recently received attention after major incidents occurred, causing serious damage. In addition, there are still bad situations that exist in large organizations and large banks. For example, businesses "forget" information technology assets, do not upgrade, patch errors and unintentionally become a springboard for hackers to infiltrate.

W-psx-20240405-151337-1.jpg
Overview of the seminar on Preventing Ransomware Attacks organized by the IT Journalists Club. Photo: Le Anh Dung

Commenting on the delay between awareness and action in Vietnam, Mr. Vu Ngoc Son cited the case of an organization that was attacked despite being warned about a system access vulnerability.

“It is not advisable to lock the barn door after the horse has fled in this information technology era,” he advised. “If you leave your property unprotected, it is extremely dangerous.”

Experts point out that for these reasons, screening is extremely important. If the screening is thorough, the probability of detecting hidden risks is high, while the cost is not expensive. Regular and periodic screening is needed, and as much monitoring as possible. Department A05 has also sent notices to units and provided instructions on some screening activities, strengthening network security, and avoiding ransomware attacks. Enterprises need to do things like surface screening, deploying enhanced information systems, defenses, and managing privileged accounts.

“Monitoring is a good tool to minimize the damage caused by undercover operations. When suspicious behavior is detected, it can be stopped in time to avoid consequences. Strengthening cybersecurity monitoring is the last line of defense when all other lines have failed,” said Mr. Le Xuan Thuy.