Recent cyber-attacks on large corporations in Việt Nam are sounding alarm bells about domestic cybersecurity systems, requiring prompt actions to defend against malicious attacks.
During the past two weeks, three companies reported suffering from cyberattacks which had serious consequences.
On March 24, securities company VNDirect's entire system suffered a ransomware attack, resulting in the temporary unavailability of the trading platform. Not until a week later could the system be reopened.
The Post and Telecommunication Joint Stock Insurance Corporation (PTI) also reported a cyberattack on its system nearly at the same time as the attack on VNDirect’s system.
Most recently, PetroVietnam Oil Corporation (PVOIL) reported a ransomware attack on April 2 which caused disruptions to its information system, including the issuance of electric invoices. The company’s system underwent troubleshooting and returned to normal operation on April 4.
These cases are just the tip of the iceberg.
The Authority of Information Safety (AIS) under the Ministry of Information and Communications has warned about the increase of cyberattacks in Việt Nam, especially ransomware in which cybercriminals seize and encrypt data then ask for ransom payment.
The AIS’s statistics showed that there are more than 2,330 attacks on the information systems in Việt Nam in the first quarter of this year, causing system disruption and serious damages while affecting national cyber space security.
According to Việt Nam National Cyber Security Technology Corporation (NSC), there were 13,900 cyberattacks in 2023, an increase of 9.5 per cent against 2022. In particular, ransomware attacks caused serious consequences. Around 83,000 computers and servers were reported to be attacked by data encryption malware, up by 8.4 per cent over 2022. Specially, the number of ransomware attacks increased sharply in the last quarter of 2023, up 23 per cent against the average of the three previous quarters.
BKAV Corporation in early March also warned that LockBit Black, a new variant of the famous data encryption virus, had begun to attack systems in Việt Nam. BKAV’s virus monitoring and warning system recorded more than 19,000 servers attacked by ransomware from 130,000 malicious IP addresses in the world, an increase of 35 per cent over 2022.
A report by Viettel Cyber Security Company showed that there are at least 9 ransomware attacks targeting big companies and organisations in Việt Nam recently which decrypted hundreds of GB of data and required ransom payments estimated to total around $3 million.
The National Cybersecurity Association early this month warned about the alarming situation of increasing cyber-attacks targeting key information systems of agencies and businesses in Việt Nam, especially in sectors such as electricity, banking, securities, payment intermediary, telecommunications, oil and gas and healthcare.
Ngô Quốc Vinh, deputy director of VNSC Global Solution Technology which focuses on developing information security products and services, said that Việt Nam’s cyberspace is witnessing an increase in ransomware attacks. However, there is not sufficient grounds to determine that this is a targeted attack campaign on Việt Nam.
He said one of the reasons Việt Nam is in the group of countries that suffer many cyberattacks is that many users in Việt Nam have the habit of using pirated or invalid software provided for free on the Internet. This creates conditions for cybercriminals to easily install malicious code inside systems for a long period of time.
Ransomware attacks often do not start immediately but hackers wait for the right time to achieve the greatest level of impact and gain the most financial benefit, he said.
Vũ Ngọc Sơn, NSC’s technology director, said that a series of cyber-attacks occurred in just a short period of time targeting sectors including securities, energy, telecommunications, and healthcare. These attacks are similar in that hackers were under cover for a period before encrypting data for ransom.
In these cases, attack techniques are not the same, however it is unlikely that these attacks were carried out by a group of hackers, or this was an advanced persistent thread.
To encrypt data, hackers must have enough time to know which data is important. Therefore, hackers have to install malicious code to collect information every day then analyse, evaluate and select targets for encryption.
The implementation of defensive solutions by Vietnamese companies and organisations remains limited, while cyber attacks are increasingly sophisticated, Sơn said, stressing that systems in Việt Nam face the risk of being attacked at any time.
What to do?
According to Trương Đức Lượng, chairman of Vietnam Network Security Joint Stock Company, recent cyberattacks which have drawn significant attention because of their impact on people, are just the tip of the iceberg. The positive point of these incidents like these are that they increase attention to cyber security.
However, cyber security is a long way, not just stopping at how we handle specific attacks, but learning lessons and applying them in practice are much more important. “If network security is not properly understood, it will be the first thing to be mentioned and also the first thing to be eliminated in cost optimisation.”
“Prevention is better than cure,” Vinh said, adding that it’s time for enterprises to pay more attention to methodical investment in information security.
He said that the short-term strategy for enterprises and organisations is to immediately use information security assessment, operation and monitoring services from professional organisations. In the long term, enterprises and organisations need to develop strategies to be able to autonomously ensure information security with a suitable investment roadmap for a comprehensive information security architecture.
According to Sơn, enterprises and organisations must first urgently put important systems under round-the-clock network security monitoring to quickly detect system intrusion and eliminate imminent threats.
Data backup is important, he said, adding that it is best to set up a periodic backup system.
In addition, enterprises and organisations must be well-prepared for responding in case incidents happen.
Training should also be provided to enhance awareness and user skills.
Reviews and inspections of the information and network security systems should be carried out periodically.
The AIS recently urged businesses and organisations to strengthen solutions to ensure network information security with priority on monitoring and early warning solutions.
On Saturday, the AIS makes public a handbook on solutions to prevent and minimise risks from ransomware attacks aiming to ensure national cyberspace safety which can be downloaded at the portal of the National Cyber Security Centre of Việt Nam at the address khongianmang.vn.
Regarding ransom payment, Phan Văn Hưng, technology director of Tomotech Joint Stock Company said that paying a ransom to hackers after a cyberattack is a difficult problem and there is not a simple answer.
Theoretically, paying a ransom can help businesses to get their data back and restore their systems quickly. However, there is no guarantee that hackers will keep their promises after receiving money. Meanwhile, paying a ransom could encourage hackers to continue attacking other systems.
Hưng said that enterprises should not pay ransoms to hackers but focus on protecting their systems and data against cyber attacks.
The Counter Ransomware Initiative (CRI) with the participation of 50 countries endorsed a statement that relevant institutions under national government authority should not pay ransomware extortion demands.
If ransom is made, it will create a dangerous precedent.
During a ransomware attack, cybercriminals deploy malware (malicious software) into targeted computer systems to seize and encrypt sensitive data and demand a ransom payment for a decryption key.
The first ransomware attack in the world happened in 1989. After more than 30 years, ransomware has become more complicated, dangerous and regular.
It usually takes businesses a few weeks to months to recover from a ransomware attack.
However, according to a study by security firm Kaspersky, up to 71 per cent of enterprises could not fully restore data after being attacked. Up to 50 per cent lost some data and 13 per cent lost all, even when ransoms were paid.