The information was found in the report about the risks to Vietnam’s information security and possible impacts on the fields of production, retailing, education, finance and banking. The report was presented at the workshop on information security investment orientation some days ago.
VCS-Threat Intelligence Report showed that as many as 10,552 accounts in the retail sector, 26,654 in manufacturing, 11, 642 in education and 30,412 in the finance and banking sectors have been hacked so far this year, an increase of 200 percent over 2022. This may cause the big loss of up to VND16.5 billion.
About 5,800 fraudulent domain names impersonating businesses and organizations’
brands have been used in campaigns to defraud individual users, mostly in the retail, finance and banking sectors. 126 attack campaigns have been conducted with the purposes of intrusion, blackmail, surveillance and information theft, an increase of 58 percent compared to 2022.
Notably, 2023 witnesses the boom in offering to sell users’ information together with systematic and sensitive data of enterprises in the fields of manufacturing, retail, education, and finance and banking.
VCS believes that the data were leaked and stolen after administrative accounts of the data storage system were hacked. After that, hackers bought/sold the administration accounts and used the accounts to access directly to data extraction system.
In other cases, hackers exploited the vulnerabilities existing on enterprises’ systems, illegally extracted data and offered to sell data with high required ransom.
To fix the problem, retail companies need to check the accounts from which data were leaked, and replace existing passwords with stronger passwords. It is also necessary to check the diary of accessing systems with the leaked accounts, define abnormal access signs, investigate and respond in case they find illegal penetration attempts.
Retailers have also been advised to update information about the patches for systems so as to avoid the risk of being attacked which will cause data leakage.
According to Tran Dang Khoa, deputy head of the Authority for Information Security (AIS), the Ministry of Information and Communications (MIC), businesses, institutions and people are facing information security risks in cyberspace. Therefore, making investment to ensure cybersecurity is a necessary investment for sustainable development and value creation.
Experts pointed out that institutions and enterprises have made big investments in their information security systems as they have been aware of risks, but they forget that there are many vulnerabilities which still cannot be solved.
Trong Dat