The agency noted the strong rise of this type of attack recently, which interrupts the operations of agencies and enterprises. The attacks also harm the image and reputation of the institutions, as well as threaten national cyberspace.
On March 24, 2024 VNDIRECT securities was attacked and on April 1, or one week later, the incident was fixed and transactions resumed.
Most recently, BKAV Corporation discovered that hackers accessed an information system via TeamViewer. At an enterprise, TeamViewer on the computer is shared among its workers with a default password. Hackers collected the password, logged in the computer, installed LockBit 3.0 malware on desktop, and conducted the attack.
In an effort to give an early alert about APT (advanced persistent threats) attacks, NCSC (National Cyber Security Centre) has collected, analyzed and discovered many IOCs (indicators of compromise) that could affect agencies, organizations and enterprises.
The list of IOCs has been sent to organizations nationwide. The groups carrying out APT attacks mentioned include APT Kimsuky, APT41, APT VoidBanshee, APT Ghost Emperor and APT MirrorFace.
AIS has recommended that agencies, organizations and enterprises examine servers and workstations, and check all monitoring systems in accordance with the IOCs provided, to deal with risks and threats to information systems under their management.
Agencies and enterprises have been asked to update IOCs, especially ones shared by the NCSC’s system at alert.khonggianmang.vn.
The records from AIS’s technical system about the increase in ransomware attacks are similar to assessments by many organizations and businesses providing information security solutions in Vietnam and overseas.
Though it is not a new form of cyberattack, ransomware attacks are still a big threat to many businesses and organizations globally and in Vietnam.
Commenting about information security in the first half of 2024, VSEC (Vietnam Security Network JSC) said the rapid increase in ransomware attacks is a problem internationally, with new records in the number of attacks continually being set.
VSEC cited a report by Trend Micro as saying that the number of attacks globally in the first half of the year increased by 1.3 times over the same period in 2023. Of this, the number of ransomware attacks rose by 50 percent.
Meanwhile, a research work by Sangfor, an Asian security firm, found that Vietnam is among the countries suffering a high number of ransomware attacks.
In its newly released report about information security in Vietnam in the first half of the year, Viettel Cyber Security commented that ransomware has been the major type of attack in Vietnam recently.
The firm said the volume of data affected by ransomware attacks in the first half of 2024 was up to 3 Terabytes, which caused a total loss of $10 million.
One of the attacks was one carried out by Lockbit, targeting a finance company in March, which caused service disruption for a long time. There were other attacks targeting subjects in many business fields, from retail and finance to information technology.
Viettel Threat Intelligence discovered that in the first six months of the year, 56 domestic organizations suffered ransomware attacks.
The system recorded many risks of ransomware attacks at organizations and businesses in Vietnam. Attackers penetrated information systems and conducted encryption using different methods, by exploiting vulnerabilities of organizations’ public applications (such as email, websites); by stealing login accounts of important systems of the organization; and by exploiting holes in zoning and data backup.
Experts agree that ransomware will continue to be a major threat to agencies, organizations and businesses, especially when malware becomes more sophisticated, with new variants that can encrypt data quickly and higher ransoms required.
Minister of Information and Communications Nguyen Manh Hung in late June sent a document to ministries and heads of ministerial agencies and government agencies that shows six solutions to enhance the effectiveness of information security protection and after-incident quick reactions.
Two core issues were emphasized, including periodically implementing data backup and implementing solutions to quickly recover information systems’ operation, resuming normal operation of information systems within 24 hours or as requested by organizations.
Trong Dat