Alongside two prominent ransomware groups, Lockbit and Blackcat, three information-stealing malware (stealers) groups - Atomic, Braodo, and Golden Pickaxe - have also been highly active in Vietnam during Q3 2024.
Surge in ransomware attacks
In the first months of this year, Vietnam's cyberspace experienced several cyberattack incidents, particularly those involving ransomware - malicious software that encrypts data and demands a ransom.
These incidents not only disrupted operations and caused material and reputational damage to targeted agencies, organizations, and businesses but also impacted the overall effort to ensure national cybersecurity.
Over the past 10 months, the Authority of Information Security (Ministry of Information and Communications) has issued multiple warnings to domestic agencies, organizations, and businesses about the rising trend of ransomware incidents.
During the recent opening event of the DF Cyber Defense 2024 drill, Acting Director of the IT Department at the State Bank of Vietnam, Le Hoang Chinh Quang, cautioned information security teams from nearly 50 banks and financial institutions about the severe ransomware attacks affecting organizations in Vietnam. One financial institution had been severely impacted, suffering significant damage due to ransomware.
Photo: Information security officers from 46 banks and financial institutions practicing cyber defense during the DF Cyber Defense 2024 drill. Photo by Van Anh
Persistent threats from ransomware and stealers
A recent study on cybersecurity threats in Vietnam for Q3 2024 by Viettel Cyber Security highlighted ransomware and stealer malware as highly active threats frequently used in attacks on domestic systems.
Compared to the first two quarters of 2024, the number of ransomware attacks in Q3 showed a slight decrease; however, their impact remained significant, with large companies and organizations being primary targets.
Hackers often use various methods to spread ransomware, including phishing emails, creating fake websites, and exploiting security vulnerabilities to infiltrate systems. Key targets include vulnerable servers containing critical data, which present lucrative opportunities for ransom demands.
Notably, the potential for ransomware attacks on data encryption and virtualization infrastructure within Vietnamese businesses and organizations was recorded in Q3.
Attackers escalated their presence deep within systems and performed encryption using methods such as exploiting public application vulnerabilities (e.g., email, websites), compromised login credentials for critical systems, and inadequate data partitioning and backup policies.
During Q3, experts issued multiple warnings about different types of stealer malware targeting ASEAN countries, including Vietnam. Notably, new stealer malware has been spreading through malicious software packages on GitHub.
Five major malware groups
Viettel Cyber Security’s recent report identified five major malware groups active in Vietnam during Q3 2024:
1. Lockbit (Ransomware): Operates under a 'Ransomware as a Service' model and primarily targets businesses and organizations.
2. Blackcat (Ransomware): Affects Windows users and also follows the 'Ransomware as a Service' approach.
3. Atomic (Stealer): Targets MacOS and is sold widely on Telegram as a service, capable of stealing cryptocurrency wallet credentials and passwords.
4. Golden Pickaxe (Stealer): Employs social engineering to trick victims into granting access and personal information, including facial video data, to steal funds from bank accounts.
5. Braodo (Stealer): Spreads through deceptive attachments containing malicious scripts (e.g., BAT, HTA, MSI) and steals account information from popular browsers like Chrome, Firefox, and Opera.
Experts recommend that agencies and organizations deploy comprehensive measures to prevent and respond promptly to attacks, including ransomware and stealer malware incidents.
Proactive threat hunting, identifying potential risks, and continuous 24/7 monitoring to detect and respond early to attacks are two highly emphasized strategies.