Warning of 4 dangerous cyber security vulnerabilities threatening information systems in Vietnam

Zero-day vulnerabilities are one of the most dangerous threats to business and government systems in Vietnam today. (Illustrative image)

Zero-day vulnerabilities and enterprise software

Zero-day vulnerabilities are among the most dangerous threats to enterprise and government systems in Vietnam. These vulnerabilities have not been discovered or patched by software vendors, creating opportunities for cybercriminals to exploit them before patches are released.

A prime example is that in May 2024, a zero-day vulnerability in Microsoft Outlook was sold on the dark web for nearly $2 million, demonstrating the severity of attacks targeting this vulnerability. Zero-day vulnerabilities typically allow cybercriminals to infiltrate systems without user interaction, making them ideal targets for remote attacks.

A report from Kaspersky shows that between January 2023 and September 2024, more than 547 posts related to the sale of exploit tools were recorded, with half of them targeting zero-day vulnerabilities. Delays in patching vulnerabilities at many organizations are the main reason why zero-day vulnerabilities are being widely exploited.

Anna Pavlovskaya, senior analyst at Kaspersky Digital Footprint Intelligence, stated: "Exploits can target any program or software, but the most sought-after and expensive ones are typically targeted at enterprise software. Cybercriminals can use exploits to steal business information or monitor an organization undetected to achieve their goals. However, some exploits sold on the dark web may be fake or incomplete and not function as advertised. Furthermore, the majority of transactions take place clandestinely. These two factors make assessing the true size of this market extremely difficult.”

The dark web market offers a wide variety of exploits, with the two most common being tools targeting remote code execution (RCE) vulnerabilities and local privilege escalation (LPE) vulnerabilities. Based on an analysis of over 20 advertisements, the average price for an RCE exploit is around $100,000, while LPE exploits typically cost around $60,000. RCE exploits are considered more dangerous because attackers can gain partial or complete control of a system or access sensitive data.

IoT and mobile device vulnerabilities

In 2024, IoT (Internet of Things) devices became a prime target for cyberattacks. According to the National Cybersecurity Monitoring Center (NCSC), in September 2024 alone, 45,000 vulnerabilities were discovered in the information systems of government organizations and businesses in Vietnam. Among these, 12 critical vulnerabilities directly affected IoT devices such as security cameras and public billboards.

IoT devices are often connected to networks without adequate security measures, increasing the risk of remote attacks. In particular, data-collecting devices such as surveillance cameras and public billboards can be exploited to access sensitive information or control the system. Experts warn that, without proper protection, attacks on IoT systems can cause damage not only financially but also to national security.

According to cybersecurity experts, the deployment of IoT devices in Vietnam, across sectors such as urban management, security, and transportation, is rapidly increasing. However, the lack of regular patch updates and system monitoring has created an ideal environment for cybercriminals to exploit. This necessitates organizations investing more in IoT security solutions, including regular testing, monitoring, and updating of IoT devices.

Vulnerabilities in Linux software and operating systems.

Although the Linux operating system has long been considered secure, in 2024, cybersecurity experts witnessed a significant increase in attacks targeting applications and systems based on this platform.

According to a Kaspersky report, attacks on Linux and popular applications have more than tripled compared to the previous year, targeting enterprise servers and data management systems.

One of the most serious vulnerabilities is CVE-2024-21626, which appears in the "runc" container management tool. This vulnerability allows attackers to escape the container environment, thereby compromising the server system and enterprise infrastructure.

Vulnerabilities in Linux operating systems are often exploited in enterprise environments, where vast amounts of sensitive data are involved, enabling attackers to carry out sophisticated attacks such as ransomware.

According to experts, given the popularity of Linux in enterprise environments, failure to patch vulnerabilities like CVE-2024-21626 in a timely manner could lead to larger-scale attacks, especially when data management systems are compromised. Therefore, organizations need to focus on investing in security tools to protect this operating system, including regularly checking and updating patches.

Cyberattacks using AI and sophisticated malware.

With the rapid development of artificial intelligence (AI), cyberattacks are becoming increasingly sophisticated. AI not only helps cybercriminals automate attacks but also enables them to develop more difficult-to-detect malware. One worrying trend is the use of DeepFake and ChatGPT to create sophisticated phishing scenarios aimed at stealing user information.

Data from the NCSC shows that in the third quarter of 2024 alone, AI-powered attacks increased by 30% year-on-year, primarily targeting financial institutions and e-commerce businesses. AI-powered malware can learn from its environment and evolve over time, making detection and prevention much more difficult. Experts warn that without timely protection, these attacks will become increasingly sophisticated and cause significant damage.

AI tools like DeepFake are being used to fake images and videos of organizational leaders, perpetrating financial scams and attacking security systems. This not only affects businesses but also poses a threat to national security.

With the rise of cybersecurity vulnerabilities, especially zero-day vulnerabilities, IoT vulnerabilities, and AI-powered sophisticated malware, cybersecurity experts recommend that organizations and businesses in Vietnam take urgent action. Accordingly, businesses need to strengthen monitoring and update their systems immediately after vulnerabilities are disclosed, as this is the most critical period. Using licensed security solutions can help organizations identify and fix vulnerabilities quickly, minimizing the risk of attack.