Cyber security in Vietnam is increasingly complex, with frequent attacks, including data encryption attacks, targeting units with critical systems, because IT assets are "forgotten", not upgraded, patched, and unintentionally become a springboard for hackers to infiltrate.
Consecutive data encryption attacks on large domestic enterprises (Illustration photo) Data encryption attack campaign targeting domestic information systems?
Recently, many Vietnamese enterprises such as VNDirect, VPOIL… have been attacked with data encryption. When this incident occurred, the functional forces on network safety and security, mainly A05 (Ministry of Public Security) and the Department of Information Security (Ministry of Information and Communications), have been and are actively supporting these enterprises with experts to overcome and handle the incidents.
The fact that Vietnamese organizations and businesses have been continuously facing ransomware attacks recently is causing many agencies and units to worry about whether there is a ransomware attack campaign (data encryption attack) targeting domestic information systems.
According to experts, cyber security in Vietnam is increasingly complex, with frequent attacks targeting units with critical systems, because IT assets are "forgotten", not upgraded, patched, and unintentionally become a springboard for hackers to infiltrate.
Ransomware attacks are not new, but they have become quite popular in recent years. Financial and securities organizations are always among the top targets of ransomware attack groups. In fact, many financial, technology, and media companies around the world have also been attacked with ransomware, causing prolonged disruptions in operations.
It can be said that up to now, ransomware attacks have become a common problem for all businesses and organizations globally, especially financial institutions, banks or units that manage and process a lot of user data. This problem poses for businesses the problem of having to strengthen security and protect the safety of information systems.
Hackers "lie in" the system like "thieves hiding under the bed" without the homeowner knowing
At the recent seminar on preventing ransomware attacks, Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber Security Center, Department of Cyber Security and High-Tech Crime Prevention (A05), Ministry of Public Security, shared that from experience in handling cyber attacks, it can be seen that hackers can stay in the area for a very long time. In some banks, they even conduct draft money transfers.
“It is possible that many important organizations have been “undercover” by hackers. The situation at this time is as dangerous as “a thief hiding under the bed”, without the homeowner knowing. There are many cases where hackers are more proficient than specialized staff. A unit in the financial sector was attacked in December 2023, hackers were undercover for a long time, causing damage of nearly 200 billion VND,” Lieutenant Colonel Le Xuan Thuy commented.
Sharing the same view, Mr. Vu Ngoc Son, Head of Technology Research Department of National Cyber Security Association, compared hackers to bad guys hiding in supermarkets. They infiltrate the system, thoroughly understand valuable items, cash register codes, layout diagrams, door codes... then suddenly act, locking all the warehouse so that no one can access it anymore.
Lying in is one of the eight steps of a data encryption attack, including: detection, intrusion, lying in, encryption, cleaning, extortion, money laundering and repetition. Lying in can last from 3 to 6 months, helping hackers collect information and identify important targets.
They target three things: where the important data is, how the user management system is, and what the IT systems do. After a period of learning, they can become more expert in that field than the operator.
Don't wait until the cow is gone to build the barn.
The cyber security situation in Vietnam is increasingly complex, with frequent attacks targeting units with critical systems. Lieutenant Colonel Le Xuan Thuy commented that Vietnam is actively transforming digitally but has not paid due attention to cyber security. When digital transformation flourishes, the imbalance with cyber security increases, increasing the level of risk.
According to the observation of the A05 representative, 24/7 network security monitoring has only recently received attention after major incidents occurred, causing serious damage. In addition, there are still bad situations that exist in large organizations and large banks. For example, businesses "forget" information technology assets, do not upgrade, patch errors and unintentionally become a springboard for hackers to infiltrate.
Commenting on the delay between awareness and action in Vietnam, Mr. Vu Ngoc Son cited the case of an organization that was attacked despite being warned about a system access vulnerability.
“It is not advisable to lock the barn door after the horse has fled in this information technology era. If you leave your property unprotected, it is extremely dangerous,” Mr. Vu Ngoc Son advised.
In the digital age, agencies, organizations and businesses must face threats and risks of information security and insecurity that are constantly increasing in cyberspace every day and every hour.
According to statistics, since the beginning of 2023, there have been more than 13,750 cyber attacks on information systems in Vietnam causing incidents. In particular, in the first 3 months of 2024 alone, the number of cyber attacks on information systems in Vietnam was 2,323.
Source
Comment (0)